The Consistency and Complexity of 
Multiplicative Additive System Virtual 

Abstract 


This paper investigates the proof theory of multiplicative additive 
system virtual (MAV). MAV combines two established proof calculi: 
multiplicative additive linear logic (MALL) and basic system virtual 
(BV). Due to the presence of the self-dual non-commutative operator 
from BV, the calculus MAV is defined in the calculus of structures — 
a generalisation of the sequent calculus where inference rules can be 
applied in any context. A generalised cut elimination result is proven for 
MAV, thereby establishing the consistency of linear implication defined 
in the calculus. The cut elimination proof involves a termination 
measure based on multisets of multisets of natural numbers to handle 
subtle interactions between operators of BV and MAV. Proof search 
in MAV is proven to be a PSPACE-complete decision problem. The 
study of this calculus is motivated by observations about applications 
in computer science to the verification of protocols and to querying. 


Keywords: proof theory, deep inference, non-commutative logic. 


1 Introduction 


This paper provides proof theoretic results supporting a line of work that 
makes the case for using systems defined in the calculus of structures for 
formal verification of protocols. The companion paper [11] makes the case 
for an extension of the calculus BV [20] with the additive operators as a 
foundation for finite session types [24, 26] inspired by the Scribble protocol 
modelling language [25]. A session type is a specification of the types of 
messages exchanged in a protocol along with control flow information about 
the order in which messages are sent and received. Session types can be used 
for both the static [37, 29] and runtime [28] verification of protocols. 
Advantages of using the session types formalised in the calculus of 
structures, highlighted in the companion paper [11], include the following: 


• Provability in the calculus of structures provides a natural notion of 
multi-party compatibility. Given a multi-set of session types, representing 
the local behaviour of participants in a protocol, multi-party 
compatibility determines whether the participants can work together 
to successfully complete a session (without deadlock due to a hanging 
receive with no corresponding send for example). 


• Provable linear implications define a subtype relation over session types. 
The subtype relation allows not only the types of messages exchanged 
to be varied but also for the control flow of messages to be compared. 
A participant satisfying a super-type is always capable of fulfilling the 
role of any participant satisfying any of the corresponding sub-types. 


• A new operator is introduced to the field of session types that is dual 
to parallel composition. This new operator can be used to model the 
parallel synchronisation of separate inputs, for example. 


A further, more objective, justification for the use of the calculus of 
structures as a foundation for session types is that the formal model is a 
logical system in its own right. We provide this logical system with the 
technical name multiplicative additive system virtual (MAV). The calculus 
is a combination of two established proof calculi: basic system virtual¹ (BV) 
and multiplicative additive linear logic (MALL). However, it is not sufficient 
to assume that the proposed combination of these two existing proof calculi 
preserves the desirable properties of a proof calculus. Nor is it sufficient just 
to cite the techniques employed [20, 46, 49, 22, 9] and hope they work. A 
thorough check is required. This paper addresses these issues, so that we 
can confidently recommend the use of systems based on MAV, such as the 
session type system introduced in the companion paper [11]. 

This paper answers two important questions about MAV. Firstly, does 
MAV really define a logical system? Secondly, is the complexity bound for 
proof search reasonable? 


¹The term virtual refers to an alternative intuition from physics where rules can create 
and annihilate virtual particle pairs [4]. 

The question of whether MAV really defines a logical system is approached 
by proof theoretic techniques. Inside MAV there is an internally 
derived notion of linear implication. If MAV is a good logical system, then 
implication should at least do the basic things that implication is expected 
to do. For example, every logical system agrees that if A holds then A 
holds, i.e. A implies A. The other property that is expected of any deductive 
system since the notion of a syllogism was introduced by Aristotle in Prior 
Analytics [35], is that if A implies B and B implies C, then A implies C. 
Considering all logical systems in the broadest sense, any other property that 
might be expected of implication is challenged by another logical system 
where that property of implication does not hold. Thus the presence of a 
notion of implication satisfying these two properties highlighted is an indicator 
of the consistency of a logical system, where deductive reasoning can be 
performed using implication. This paper establishes that linear implication 
in MAV obeys these most fundamental properties expected of implication. 


MAV possesses a self-dual non-commutative operator — an operator, say 
“op”, where “A op B” is not necessarily equivalent to “B op A”, and also the 
de Morgan dual of “op” is “op” itself. Contrast this with classical conjunction 
$\wedge$, which has classical disjunction $\vee$ as its de Morgan dual. A motivating 
observation for this work is that, in the original paper initiating investigations 
into session types [24], both a self-dual non-commutative operator and a pair 
of de Morgan dual lattice operators are employed. In that original paper, 
the lattice operators were directly inspired [1] by the additives in MALL, and 
are used in session types to control choice or branching in protocols. 


Due to the presence of a self-dual non-commutative operator, the 
consistency of linear implication is investigated in a generalisation of the 
sequent calculus, called the calculus of structures [20]. The sequent calculus, 
due to Gentzen [16], is a flexible formalism for expressing proof systems 
and establishing consistency results, but is constrained to reasoning in a 
shallow structure called a sequent. Tiu [50] established that a calculus with 
a self-dual non-commutative operator called BV cannot be expressed without 
a technique enabled by the calculus of structures, called deep inference. In 
deep inference, rules are applied at any depth within a proposition. The 
main contribution of this paper is to establish that techniques developed in 
the calculus of structures can be adapted to the system MAV. 


The question of the reasonable complexity of proof search is of course 
subjective. This paper establishes that proof search is a PSPACE-complete 
problem, ... but is that reasonable? To justify whether the complexity bound 
is reasonable, applications should be considered. Concerning the problems 
associated with verifying protocols in the companion paper [11], a good 
protocol is likely to be of a limited size, so a PSPACE-complete verification 
tool is reasonable. In the setting of query languages, PSPACE-complete 
problems are common, including the combined complexity of Codd-equivalent 
languages [51] such as relational algebra. By the combined complexity we 
mean the complexity in terms of arbitrary queries and data. However, other 
complexity measures, such as query complexity, that reflect the fact that 
the data is large compared to a query and either the data or query is likely 
to be mostly static, explain why in practice most queries on a database 
run efficiently. Therefore, we argue that for the envisioned applications, a 
PSPACE-complete complexity bound for proof search is comparable to what 
would be expected for an expressive but finite system. 


Section 2 provides background material on the sequent calculus and the 
logical system multiplicative additive linear logic. The reader comfortable 
with linear logic can skip this section. Section 3 introduces the syntax 
and semantics of MAV expressed in the calculus of structures. Section 4 
provides the proof theoretic devices that establish the consistency of MAV, 
via a generalised cut elimination result. Finally, in Section 5, several proof 
theoretic results and known complexity results are invoked to establish the 
complexity of MAV. 


2 Multiplicative Additive Linear Logic 


For reference, we introduce the logical system multiplicative additive linear 
logic (MALL) expressed in the sequent calculus. MALL is a sub-system of 
linear logic. Linear logic was discovered by Girard [17] when investigating 
the separation of the roles of duplication and disposal of formulae, called 
contraction and weakening, from the role of negation in proof systems for 
intuitionistic logic. By removing the powerful exponential operators that 
control the use of contraction and weakening from propositional linear logic, 
we obtain a well behaved logical system with two pairs of conjunction and 
disjunction operators — the multiplicatives and the additives. 

The semantics of MALL can be expressed in a proof calculus called the 
sequent calculus. The sequent calculus involves two levels of syntax — the 
object level and the meta level. The object level concerns the propositions 
themselves, while the meta level concerns the language for describing proofs. 

The meta level sequents. Sequents are meta level constructs that consist 
of a bag of propositions separated by commas. Another name for a bag 
is a commutative monoid which is a structure satisfying associativity and 
commutativity, with a unit. Sequents range over $\Gamma$, $\Delta$, as defined by the 
following grammar, where $T$ is any proposition. 


$$\Gamma ::= T \mid \Gamma, \Gamma$$


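The following structural congruence (a reflexive, transitive, symmetric relation 
that holds in any context) over sequents induces the structural rule 
exchange, where the exchange rule allows any two formulae inside a sequent 
to exchange position. The unit $I$ is an elegant way of handling empty sequents. 
Also, due to associativity, brackets can be omitted in sequents. 


$$(\Gamma, \Delta), \Sigma \equiv \Gamma, (\Delta, \Sigma) \qquad \Gamma, \Delta \equiv \Delta, \Gamma \qquad \Gamma, I \equiv \Gamma$$

$$\Gamma \equiv \Gamma \qquad \text{if } \Gamma \equiv \Delta \text{ then } \Delta \equiv \Gamma \qquad \text{if } \Gamma \equiv \Delta \text{ and } \Delta \equiv \Sigma \text{, then } \Gamma \equiv \Sigma$$

$$\text{if } \Gamma \equiv \Delta \text{ then } \Gamma, \Sigma \equiv \Delta, \Sigma \qquad \text{if } \Gamma \equiv \Delta \text{ then } \Sigma, \Gamma \equiv \Sigma, \Delta$$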


Premises and conclusions of rules are considered modulo the structural 
congruence over sequents. Three forms of rules are used to define MALL: 
axioms with no premise and one conclusion that always holds; and rules 
with either one or two premises, where the conclusion holds only if all of the 
premises hold. The forms of rules are expressed below. 


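$$\text{if } \Gamma \equiv \Gamma' \text{ and } \Delta \equiv \Delta' \text{ and } \Sigma \equiv \Sigma' \text{ and } \dfrac{\vdash \Gamma \qquad \vdash \Delta}{\vdash \Sigma} \text{, then } \dfrac{\vdash \Gamma' \qquad \vdash \Delta'}{\vdash \Sigma'}$$

$$\text{if } \Gamma \equiv \Gamma' \text{ and } \Delta \equiv \Delta' \text{ and } \dfrac{\vdash \Gamma}{\vdash \Delta} \text{, then } \dfrac{\vdash \Gamma'}{\vdash \Delta'}$$

$$\text{if } \Gamma \equiv \Delta \text{ and } \dfrac{}{\vdash \Gamma} \text{, then } \dfrac{}{\vdash \Delta}$$
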
We are deliberately putting more emphasis than normal on the structural 
rule of exchange, since harnessing this structural rule is central to the 
development of non-commutative logic in the forthcoming sections of this 
paper. Just removing exchange is insufficient to achieve a consistent non- 
commutative logical system. Removing the distinction between the object 
level and meta level syntax has been found to be critical [50] for the study of 
non-commutative operators in a proof calculus. For ease of comparison with 
the following sections a structural congruence style explanation of exchange 
is presented, rather than simply stating, as in the presentation by Girard [17], 
that exchange permutes all propositions in a sequent. 


The object level propositions. Propositions are formed from units, 
atoms, negative atoms and binary operators. There is one unit written I. 
The grammar for propositions is defined as follows. 


$$T ::= I \mid a \mid \overline{a} \mid T \otimes T \mid T \parallel T \mid T \oplus T \mid T \mathbin{\&} T$$


The atoms of the calculus are drawn from some set of atomic propositions and 
can either be positive $a$ or negative $\overline{a}$. The remaining syntactic constructs 
can be divided into multiplicative and additive constructs, hence the name 
multiplicative additive linear logic. The multiplicatives are the unit $I$, times 
$\otimes$ and par $\parallel$. The additives are plus $\oplus$ and with $\&$. 


Derived concepts of negation and implication. Notice that in the 
syntax of propositions, only atoms are negated or complemented, using an 
overline. Negation is extended to all propositions by the following function 
that transforms a proposition into the complementary proposition in negation 
normal form, where negation applies only to atoms as permitted by the 
syntax. 


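$$\overline{\overline{a}} = a \qquad \overline{I} = I \qquad \overline{T \otimes U} = \overline{T} \parallel \overline{U} \qquad \overline{T \parallel U} = \overline{T} \otimes \overline{U}$$

$$\overline{T \oplus U} = \overline{T} \mathbin{\&} \overline{U} \qquad \overline{T \mathbin{\&} U} = \overline{T} \oplus \overline{U}$$


The above functions state that $\otimes$ and $\parallel$ are de Morgan dual to each other, 
as are $\oplus$ and $\&$; similarly to the de Morgan duality between and and or in 
classical logic. Similarly to classical logic, where classical implication $T \supset U$ 
is defined as not T or U, linear implication, written $V \multimap W$, is defined as 
$\overline{V} \parallel W$. 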


Rules for MALL. The propositions of the calculus are characterised by 
their deductive rules in Fig. 1. 

$$\dfrac{}{\vdash I}\ \text{unit} \qquad \dfrac{\vdash a \leq b}{\vdash \overline{a}, b}\ \text{atomic interaction}$$

$$\dfrac{\vdash \Gamma, T \qquad \vdash \Delta, U}{\vdash \Gamma, \Delta, T \otimes U}\ \text{times} \qquad \dfrac{\vdash \Gamma, T, U}{\vdash \Gamma, T \parallel U}\ \text{par} \qquad \dfrac{\vdash \Gamma \qquad \vdash \Delta}{\vdash \Gamma, \Delta}\ \text{mix}$$

$$\dfrac{\vdash \Gamma, T \qquad \vdash \Gamma, U}{\vdash \Gamma, T \mathbin{\&} U}\ \text{with} \qquad \dfrac{\vdash \Gamma, T}{\vdash \Gamma, T \oplus U}\ \text{left} \qquad \dfrac{\vdash \Gamma, U}{\vdash \Gamma, T \oplus U}\ \text{right}$$

Figure 1: The deductive rules of MALL, where $\Gamma \not\equiv I$ and $\Delta \not\equiv I$ in the rule 
mix. In atomic interaction, $a \leq b$ is a conclusion for any deductive system 
defined such that $\leq$ is a preorder over atoms. 

The rules for multiplicative conjunction, times $\otimes$, and additive conjunction, 
with $\&$, are equivalent in a classical setting, where the structural rules 
of weakening and contraction are permitted. By using the structural rule 
of weakening, that allows propositions in a sequent to be forgotten, $A \otimes B$ 
implies $A \mathbin{\&} B$ would be provable. By using the structural rule of contraction, 
that allows propositions in a sequent to be duplicated, $A \mathbin{\&} B$ implies $A \otimes B$ 
would be provable. However, neither weakening nor contraction is present 
in MALL, hence neither of the above two implications holds in general. Hence 
multiplicative and additive conjunction are distinguished operators. 

The with rule for additive conjunction $A \mathbin{\&} B$ suggests that both A and 
B must hold in the same given context. An additive disjunction $A \oplus B$ has 
a dual meaning where A or B must hold in the given context. Additive 
conjunction and disjunction define greatest lower bounds and least upper 
bounds respectively, in the lattice of propositions ordered by implication. 

The intuition behind the multiplicative connectives is best understood in 
terms of resources and interaction. Both multiplicative conjunction (times $\otimes$) 
and multiplicative disjunction (par $\parallel$) indicate the partitioning of resources. 
The difference is that par permits interaction between atoms on either side 
of the operator, while times forbids interaction. The interactions are enacted 
by the atomic interaction rule where a positive and negative atom may 
cancel each other out. The atomic interaction rule has a more general form 
than normal that permits any preorder over atoms to be defined, where a 
preorder is a reflexive transitive relation. This enables what we will call 
subsorting over atoms, that we introduce due to applications of this work to 
subtyping [15, 11]. 

Considering propositions in a sequent as resources, the rules that partition 
resources are the times rule and the mix rule. The mix rule allows 
propositions in a sequent to be partitioned in any way, whereas the times rule 
ensures that the partition is chosen such that the two propositions separated 
by the multiplicative conjunction remain separate. The presence of the mix 
rule simplifies the calculus since there is only one self-dual multiplicative unit 
I [17], that we call simply unit. Elsewhere in the literature, presentations of 
MALL without the mix rule have two distinct multiplicative units, but most 
models of linear logic identify these units [2]. 


The proof theory. A proof in the sequent calculus is a tree of rules 
such that all leaves of the proof tree are axioms. Proofs in MALL enjoy a 
cut elimination result, which means that any proof established using the 
following cut rule can also be established without the cut rule. 


$$\dfrac{\vdash \Gamma, T \qquad \vdash \Delta, \overline{T}}{\vdash \Gamma, \Delta}\ \text{cut}$$


In proof theory, a rule that can be added to a proof system without changing 
the propositions that are provable is called admissible. Thus the following 
result is a special case of Girard’s cut elimination proof for linear logic [17], 
elaborated in several other references [38, 18]. 


Theorem 1 The cut rule is admissible for MALL. Specifically, if there is a 
proof of a proposition T using the rules of MALL and cut, then we can construct 
a proof of the proposition T using only the rules of MALL. 


The proof is constructive since the proof is an algorithm that transforms one 
proof into another proof. The cut elimination result can be regarded as a 
transitivity property of linear implication in MALL, since a corollary is that: 
if $\vdash T \multimap U$ and $\vdash U \multimap V$ hold, then $\vdash T \multimap V$ holds. 

Several standard properties of MALL will be employed in this work. 
Firstly, the following result follows from a straightforward induction and 
establishes the reflexivity of implication. 


Proposition 1 For any proposition $T$, $\vdash \overline{T}, T$ holds. Consequently, the 
following axiom is admissible in MALL. 


$$\dfrac{}{\vdash \overline{T}, T}\ \text{interaction}$$

Define a MALL context to be a context with one hole $\{\,\cdot\,\}$ constructed 
from the following grammar, where $\odot \in \{\otimes, \parallel, \oplus, \&\}$ and $T$ is any proposition 
of MALL. 


$$C\{\ \} ::= \{\,\cdot\,\} \mid T \odot C\{\ \} \mid C\{\ \} \odot T$$


Note that negation is not part of the syntax of MALL, except over atoms, 
so cannot appear in the context. The absence of negation in contexts is 
to ensure that contexts preserve the direction of implication. Thereby, the 
following proposition follows by straightforward induction. 


Proposition 2 If $\vdash T \multimap U$ holds then, for any MALL context $C\{\ \}$, it 
holds that $\vdash C\{ T \} \multimap C\{ U \}$. 


We also know that the fragment MALL is decidable, by the following 
result due to Lincoln et al. [33]. 


Theorem 2 The problem of searching for a proof of a proposition in MALL 
is PSPACE-complete. 


The above result in the original paper by Lincoln et al. was for MALL without 
the mix rule or subsorting for atoms. However, neither the inclusion of the 
mix rule nor subsorting of atoms affects the proof of the above proposition, 
as long as the decision problem for subsorting of atoms is in PSPACE. Thus 
MALL is of the same complexity as intuitionistic propositional logic [43], 
relational algebra [51], and the canonical PSPACE-complete problem QBF, 
hence there exist mutual polynomial time encodings. 

In anticipation of results later in the paper, we establish the following 
lemma. 


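Lemma 1 The following propositions hold in MALL, assuming $\vdash a \leq b$. 

$$\vdash I \multimap \overline{a} \parallel b \qquad \vdash T \otimes (U \parallel V) \multimap (T \otimes U) \parallel V$$

$$\vdash I \multimap I \mathbin{\&} I \qquad \vdash T \multimap T \oplus U \qquad \vdash U \multimap T \oplus U$$

$$\vdash (T \parallel U) \mathbin{\&} (T \parallel V) \multimap T \parallel (U \mathbin{\&} V)$$

$$\vdash (\overline{P} \oplus \overline{Q}) \otimes (\overline{R} \oplus \overline{S}) \parallel (P \parallel R) \mathbin{\&} (Q \parallel S)$$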
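
Proof: Assuming $\vdash a \leq b$ holds in the subsorting system, the following 
proofs hold. 

$$\dfrac{\dfrac{\vdash a \leq b}{\vdash \overline{a}, b}}{\vdash I \multimap \overline{a} \parallel b} \qquad \dfrac{\dfrac{\vdash I \qquad \vdash I}{\vdash I \mathbin{\&} I}}{\vdash I \multimap I \mathbin{\&} I}$$

By using the interaction axiom and the rules of MALL the following 
proofs can be constructed. 

$$\dfrac{\dfrac{\vdash \overline{T}, T \qquad \dfrac{\vdash \overline{U}, U \qquad \vdash \overline{V}, V}{\vdash \overline{U} \otimes \overline{V}, U, V}}{\vdash \overline{T}, (\overline{U} \otimes \overline{V}), (T \otimes U), V}}{\vdash T \otimes (U \parallel V) \multimap (T \otimes U) \parallel V}$$

$$\dfrac{\dfrac{\vdash \overline{T}, T}{\vdash \overline{T}, T \oplus U}}{\vdash T \multimap T \oplus U} \qquad \dfrac{\dfrac{\vdash \overline{U}, U}{\vdash \overline{U}, T \oplus U}}{\vdash U \multimap T \oplus U}$$

$$\dfrac{\dfrac{\dfrac{\dfrac{\vdash \overline{T}, T \qquad \vdash \overline{U}, U}{\vdash \overline{T} \otimes \overline{U}, T, U}}{\vdash (\overline{T} \otimes \overline{U}) \oplus (\overline{T} \otimes \overline{V}), T, U} \qquad \dfrac{\dfrac{\vdash \overline{T}, T \qquad \vdash \overline{V}, V}{\vdash \overline{T} \otimes \overline{V}, T, V}}{\vdash (\overline{T} \otimes \overline{U}) \oplus (\overline{T} \otimes \overline{V}), T, V}}{\vdash (\overline{T} \otimes \overline{U}) \oplus (\overline{T} \otimes \overline{V}), T, U \mathbin{\&} V}}{\vdash (T \parallel U) \mathbin{\&} (T \parallel V) \multimap T \parallel (U \mathbin{\&} V)}$$

$$\dfrac{\dfrac{\dfrac{\dfrac{\vdash \overline{P} \otimes \overline{R}, (P \parallel R)}{\vdash \overline{P} \otimes (\overline{R} \oplus \overline{S}), (P \parallel R)}}{\vdash (\overline{P} \oplus \overline{Q}) \otimes (\overline{R} \oplus \overline{S}), (P \parallel R)} \qquad \dfrac{\dfrac{\vdash \overline{Q} \otimes \overline{S}, (Q \parallel S)}{\vdash \overline{Q} \otimes (\overline{R} \oplus \overline{S}), (Q \parallel S)}}{\vdash (\overline{P} \oplus \overline{Q}) \otimes (\overline{R} \oplus \overline{S}), (Q \parallel S)}}{\vdash (\overline{P} \oplus \overline{Q}) \otimes (\overline{R} \oplus \overline{S}), (P \parallel R) \mathbin{\&} (Q \parallel S)}}{\vdash (\overline{P} \oplus \overline{Q}) \otimes (\overline{R} \oplus \overline{S}) \parallel (P \parallel R) \mathbin{\&} (Q \parallel S)}$$

By Proposition 1, the above proofs also hold in MALL. 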


The above lemma can be considered initially to be examples of proofs 
in MALL. However, the above lemma will be used in Section 5, where MALL 
is used as a reference to establish complexity results. 
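
The following Python example is added here and is not code from the paper: it runs backward proof search over the rules of Fig. 1 (with mix and subsorting) to check instances of Lemma 1, and to confirm the earlier remark that neither implication between A ⊗ B and A & B is provable without weakening and contraction. The tuple encoding, all function names and the `SUBSORT` relation are assumptions made for the example; the search is plain exponential backtracking and applies par and with eagerly, relying on their standard invertibility.

```python
from functools import lru_cache
from itertools import combinations

# Propositions as nested tuples (an encoding assumed for this example).
I = ("I",)
def pos(name): return ("atom", name, True)        # positive atom a
def neg_atom(name): return ("atom", name, False)  # negative atom (overlined a)
def times(t, u): return ("times", t, u)
def par(t, u): return ("par", t, u)
def plus(t, u): return ("plus", t, u)
def with_(t, u): return ("with", t, u)

# Constructed subsorting relation over atom names. leq adds reflexivity; the
# listed pairs must be transitively closed so that <= is a preorder.
SUBSORT = {("int", "num")}
def leq(a, b): return a == b or (a, b) in SUBSORT

DUAL = {"times": "par", "par": "times", "plus": "with", "with": "plus"}

def neg(f):
    """Complement in negation normal form (de Morgan dualities of Section 2)."""
    if f == I:
        return I
    if f[0] == "atom":
        return ("atom", f[1], not f[2])
    return (DUAL[f[0]], neg(f[1]), neg(f[2]))

def implies(t, u):
    """Linear implication T -o U, defined as neg(T) par U."""
    return par(neg(t), u)

def splits(items):
    """Every division of a sequent into two sub-multisets (Gamma, Delta)."""
    idx = range(len(items))
    for r in range(len(items) + 1):
        for chosen in combinations(idx, r):
            yield (tuple(items[i] for i in chosen),
                   tuple(items[i] for i in idx if i not in chosen))

def provable(*sequent):
    """Decide |- sequent by backward search; sorting realises exchange."""
    return _prove(tuple(sorted(sequent)))

@lru_cache(maxsize=None)
def _prove(seq):
    seq = tuple(f for f in seq if f != I)          # Gamma, I is congruent to Gamma
    if not seq:
        return True                                # unit
    if len(seq) == 2 and seq[0][0] == seq[1][0] == "atom":
        for x, y in (seq, seq[::-1]):              # atomic interaction
            if not x[2] and y[2] and leq(x[1], y[1]):
                return True
    for i, f in enumerate(seq):                    # invertible rules first
        rest = seq[:i] + seq[i + 1:]
        if f[0] == "par":
            return provable(*rest, f[1], f[2])
        if f[0] == "with":
            return provable(*rest, f[1]) and provable(*rest, f[2])
    for i, f in enumerate(seq):                    # choices: left/right, times
        rest = seq[:i] + seq[i + 1:]
        if f[0] == "plus" and (provable(*rest, f[1]) or provable(*rest, f[2])):
            return True
        if f[0] == "times" and any(provable(*g, f[1]) and provable(*d, f[2])
                                   for g, d in splits(rest)):
            return True
    # mix: both parts must be non-empty, i.e. neither is congruent to I
    return any(g and d and provable(*g) and provable(*d) for g, d in splits(seq))

a, b, c, p, q, r, s = (pos(x) for x in "abcpqrs")

def lemma1_instances():
    """Lemma 1 with T, U, V := a, b, c and the constructed subsort int <= num."""
    return {
        "I -o ~int || num": implies(I, par(neg_atom("int"), pos("num"))),
        "T(x)(U||V) -o (T(x)U)||V": implies(times(a, par(b, c)), par(times(a, b), c)),
        "I -o I & I": implies(I, with_(I, I)),
        "T -o T(+)U": implies(a, plus(a, b)),
        "U -o T(+)U": implies(b, plus(a, b)),
        "(T||U)&(T||V) -o T||(U&V)":
            implies(with_(par(a, b), par(a, c)), par(a, with_(b, c))),
        "(~P(+)~Q)(x)(~R(+)~S) || (P||R)&(Q||S)":
            par(times(plus(neg(p), neg(q)), plus(neg(r), neg(s))),
                with_(par(p, r), par(q, s))),
    }

if __name__ == "__main__":
    for name, f in lemma1_instances().items():
        print(f"{name}: {provable(f)}")
    print("A(x)B -o A&B:", provable(implies(times(a, b), with_(a, b))))
    print("A&B -o A(x)B:", provable(implies(with_(a, b), times(a, b))))
```
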


3 Introducing the Non-commutative Operator 


By introducing a non-commutative operator in MAV, a new proof theoretic 
formalism is required, called the calculus of structures [20]. The calculus of 
structures enables certain logical systems that cannot be expressed in the 
sequent calculus [50], to be treated proof theoretically. 

A variety of logical systems, including the calculus BV, have been 
studied in the calculus of structures. BV is a conservative extension of 
multiplicative-only linear logic (with mix) extended with a self-dual non- 
commutative operator called seq. In this work, we consider a conservative 
extension of multiplicative-additive linear logic (with mix), as introduced in 
Section 2, with the self-dual non-commutative operator seq. 

When introducing the calculus of structures [20], Guglielmi makes the 
following statements as one of his two major aims, further to the aim of a 
deeper understanding of the non-commutative logic called pomset logic [39] 
— a logic whose semantics is defined using generalised proof nets: 


If one wants to extend pomset logic to more expressive logics, 
then the sequent calculus usually is a better formalism than proof 
nets, because it is more versatile, for example with exponentials 
and additives. 


Following the above stated aim, the versatility of the calculus of structures 
has been demonstrated by expressing the semantics of BV extended 
with exponentials, called NEL — a system that enjoys a generalised cut 
elimination result [49, 22], and is undecidable [46]. 

Straßburger [45] provides a proof of a generalised elimination result for 
propositional linear logic, including the additives, directly in the calculus 
of structures. Straßburger’s work heavily inspires the proof in this paper. 
However, the presence of the non-commutative self-dual operator and also a 
self-dual unit considerably complicate the proof in this work. This paper 
is the first to explicitly and directly address a proof calculus where the 
additives and self-dual non-commutative operator seq coexist, in a system 
named multiplicative additive system virtual (MAV). MAV is an extension of 
basic system virtual (BV) and multiplicative additive linear logic (MALL). 


The syntax of MAV. The syntax of MAV is the syntax of MALL extended 
with a non-commutative operator called seq. Seq was introduced in the 
system BV. The following grammar defines the syntax of propositions in 
MAV. 

$$\begin{array}{rcll}
T & ::= & I & \text{unit} \\
 & \mid & a & \text{positive atom} \\
 & \mid & \overline{a} & \text{negative atom} \\
 & \mid & T ; T & \text{sequential composition (seq)} \\
 & \mid & T \parallel T & \text{parallel composition (par)} \\
 & \mid & T \otimes T & \text{times} \\
 & \mid & T \oplus T & \text{internal choice or plus} \\
 & \mid & T \mathbin{\&} T & \text{external choice or with}
\end{array}$$


We clarify the notation to facilitate comparison with related work. We 
use the notation $\parallel$ for par where elsewhere the notation ⅋ or square brackets 
$[\cdot, \cdot]$ is used. This is to draw an intuitive connection between par and 
parallel composition operators in process calculi that permit interaction and 
interleaving. We use overline $\overline{a}$ to denote negative atoms, where elsewhere 
$a^{\perp}$ is used. This is to draw an intuitive connection between negated atoms 
and output in process calculi. Also we prefer the semi-colon to the operator 
< or angular brackets $\langle \cdot \,;\, \cdot \rangle$ due to the ubiquitous use of the semi-colon for 
sequential composition. Work by Bruscoli [6] and forthcoming work by the 
authors on weak complete distributed simulation put the process calculus 
intuition on a precise foundation. 

To reduce the number of brackets in propositions we assume an operator 
precedence. We assume that the multiplicatives times $\otimes$, par $\parallel$ and seq ; 
bind more strongly than the additives plus $\oplus$ and with $\&$. 


The semantics of MAV. The semantics of MAV is defined by a term 
rewriting system modulo an equational theory. The rewrite rules and equational 
theory are presented in Fig. 2. As standard for term rewriting, the 
(bidirectional) equations can be applied at any point in a derivation, and 
the (unidirectional) rules can be applied in any context, where a context 
$C\{\ \}$ is any proposition with one hole $\{\,\cdot\,\}$ in which any proposition can be 
plugged, as defined by the following grammar where $\odot \in \{;, \parallel, \otimes, \oplus, \&\}$ and 
$T$ is any proposition. 


$$C\{\ \} ::= \{\,\cdot\,\} \mid T \odot C\{\ \} \mid C\{\ \} \odot T$$

Thus we have the following implicit rule for applying any rule in any context. 


$$C\{ T \} \longrightarrow C\{ U \} \text{ only if } T \longrightarrow U \qquad \text{context closure}$$

We also have the following congruence relation that serves a similar role 
to the exchange rule in the sequent calculus. The main differences compared 
to sequents is that exchange can occur deep within any context and can be 
applied to par, seq and times structures, not only par structures. 


$$(T \parallel U) \parallel V \equiv T \parallel (U \parallel V) \qquad T \parallel U \equiv U \parallel T \qquad T \parallel I \equiv T$$

$$(T \otimes U) \otimes V \equiv T \otimes (U \otimes V) \qquad T \otimes U \equiv U \otimes T \qquad T \otimes I \equiv T$$

$$(T ; U) ; V \equiv T ; (U ; V) \qquad I ; T \equiv T \qquad T ; I \equiv T$$


Since equivalence is a congruence — a reflexive, transitive, symmetric relation 
that holds in any context — we have the following standard assumptions. 


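$$T \equiv T \qquad \text{if } T \equiv U \text{ and } U \equiv V \text{, then } T \equiv V$$

$$\text{if } T \equiv U \text{ then } U \equiv T \qquad \text{if } T \equiv U \text{ then } C\{ T \} \equiv C\{ U \}$$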


The equational system ensures that $(T, ;, I)$ is a monoid, and both $(T, \parallel, I)$ 
and $(T, \otimes, I)$ are commutative monoids. To quotient propositions by the 
equational theory defined above, the following congruence rule can always 
be applied to any rule. 


$$\text{if } V \equiv T \text{ and } T \longrightarrow U \text{ and } U \equiv W \text{, then } V \longrightarrow W \qquad \text{congruence}$$


The term rewriting system in Fig. 2 defines the deductive rules of 
multiplicative additive system virtual (MAV). We briefly explain the rewrite 
rules. 


$$I \mathbin{\&} I \longrightarrow I \quad \text{tidy} \qquad \overline{a} \parallel b \longrightarrow I \text{ only if } a \leq b \quad \text{atomic interaction}$$

$$(T \otimes U) \parallel V \longrightarrow T \otimes (U \parallel V) \quad \text{switch}$$

$$(T ; U) \parallel (V ; W) \longrightarrow (T \parallel V) ; (U \parallel W) \quad \text{sequence}$$

$$T \oplus U \longrightarrow T \quad \text{left} \qquad T \oplus U \longrightarrow U \quad \text{right}$$

$$(T \mathbin{\&} U) \parallel V \longrightarrow (T \parallel V) \mathbin{\&} (U \parallel V) \quad \text{external}$$

$$(T ; U) \mathbin{\&} (V ; W) \longrightarrow (T \mathbin{\&} V) ; (U \mathbin{\&} W) \quad \text{medial}$$

Figure 2: Term rewriting system modulo an equational theory for MAV. 


• The atomic interaction rules enable a negative atom and positive atom 
to annihilate each other, whenever the negated atom is a subsort of 
the positive atom. The only assumptions are: firstly, to preserve 
consistency, the subsorting system must define a preorder (a reflexive 
transitive relation); secondly, to preserve the time complexity bound, 
the complexity of determining whether one atom is a subsort of another 
atom must be in PSPACE. 


Permitting any preorder as a subsorting relation enables considerable 
creativity. For example, in the companion paper for this work [11], 
the authors define atoms such that they carry the type of message 
exchanged in a protocol. For example, if sorts are regular expression 
types for XML [27], the subsorting can be induced by a subtype system, 
which defines a preorder hence preserves consistency but increases 
time complexity since subtyping is EXPTIME-complete. In contrast, 
when sorts are any partial order over finite types (without recursive 
types) defined by a finite number of subtype inequalities [14], then the 
complexity class is also preserved. 


• The switch rule captures the essence of the rule for times in linear 
logic. The rule focuses a parallel composition on where an interaction 
takes place and forbids interaction elsewhere. A similar rule appears 
in categorical models of linear logic [12]. 


• The sequence rule arises in the theory of pomsets [19]. The rule 
also appears in concurrent Kleene algebras [23]. The rule strengthens 
causal dependencies. If we consider two parallel propositions to be 
two threads, then seq introduces a barrier across two parallel threads 
where there is a certain point that both threads must have reached 
before either thread can proceed. 


• The left and right rules represent an internal choice where we, as 
the prover or designer of a runtime, have control over the branch 
to select. The external rule represents when we the prover cannot 
determine which branch will be selected; hence must analyse both 
possibilities as independent branches of the proof in parallel. The tidy 
rule simply acknowledges when two branches in an external choice 
have both completed successfully. 


We assume the following restrictions, to avoid rules that can be applied 
infinitely. The most subtle case below is for the medial rule, which will be 
explained when required in the proofs. 


• The switch rule is such that $T \not\equiv I$ and $V \not\equiv I$. 
• The sequence rule is such that $T \not\equiv I$ and $W \not\equiv I$. 
• The external rule is such that $V \not\equiv I$. 
• The medial rule is such that: either $P \not\equiv I$ or $R \not\equiv I$, and also either 
$Q \not\equiv I$ or $S \not\equiv I$. 


Since rules can only be applied finitely, proof search is finite. Thereby, MAV 
defines an analytic proof system, which is a system that behaves well for proof 
search. The exact definition of an analytic proof system varies depending on 
the proof calculus, but hinges on the rules being finitely generating. For a 
discussion on analytic proof systems in the calculus of structures see [7]. 
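
We extend the complementation operator, overline, to all propositions 
using the following function that transforms a proposition into its complementary 
proposition. The only new case compared to the complementation 
operator for MALL in Section 2 is for the non-commutative operator seq. 


$$\overline{\overline{a}} = a \qquad \overline{I} = I \qquad \overline{T \otimes U} = \overline{T} \parallel \overline{U} \qquad \overline{T \parallel U} = \overline{T} \otimes \overline{U}$$

$$\overline{P ; Q} = \overline{P} ; \overline{Q} \qquad \overline{T \oplus U} = \overline{T} \mathbin{\&} \overline{U} \qquad \overline{T \mathbin{\&} U} = \overline{T} \oplus \overline{U}$$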


The above function transforms any proposition into a proposition in negation 
normal form, where complementation applies only to atoms, as permitted 
by the syntax of propositions. We deliberately do not include complementation 
for arbitrary propositions in the syntax for propositions, since the 
contravariant nature of complementation complicates the rewriting system 
without any gain in expressive power [20]. 


Proofs in MAV. In the calculus of structures a proof is a special derivation 
that reduces to the unit, where the unit represents a successfully completed 
proof. As a slight abuse of notation, $\longrightarrow$ denotes its own reflexive and 
transitive closure. 

Definition 1 A derivation $T \longrightarrow U$ of length 0 holds only if $T \equiv U$. Given 
a derivation $P \longrightarrow Q$ of length $n$ and a rule instance $Q \longrightarrow R$, $P \longrightarrow R$ is 
a derivation of length $n + 1$. 

If for any derivation $T \longrightarrow I$ holds according to the term rewriting 
system of MAV, then we write $\vdash T$, and say that $T$ is provable. 


As with MALL, complementation is used to define linear implication in 
MAV, where $T \multimap U$ is defined as $\overline{T} \parallel U$. Since linear implication involves 
complementation, linear implication is not part of the syntax of propositions 
but is a derived concept. The consistency of MAV can be seen as establishing 
that the relation defined by all provable linear implications is a preorder, i.e. 
a reflexive transitive closed relation. 


Reflexivity. Reflexivity of linear implication can be established straightforwardly. 
Since $T \multimap T$ is defined as $\overline{T} \parallel T$, the following proposition is 
simply a reflexivity property of linear implication in MAV. 


Proposition 3 (Reflexivity) For any proposition $T$, $\vdash \overline{T} \parallel T$ holds. 


Proof: The proof proceeds by induction on the structure of $T$. 

The base case for any atom $a$ follows immediately from the atomic 
interaction rule. Since subsorting over atoms is reflexive, $\vdash \overline{a} \parallel a$. The base 
case for the unit is immediate by definition of a proof. 

For the induction hypothesis assume that $\vdash \overline{T} \parallel T$ and $\vdash \overline{U} \parallel U$. 
Thereby, the following cases hold. 

Consider when the root connective in the proposition is the times 
operator. The following proof holds, by switch and the induction hypothesis. 


(T@U)|| (TeV) = T|U| (TeV) (T|T)@eU |v) 1 


The case when the root connective is the par operator is symmetric to the 
above. 

Consider when the root connective in the proposition is the seq operator. 
The following proof holds, by the sequence rule and the induction hypothesis. 


Tj OIGsvY= TsO.) IT); Gly) 


Consider when the root connective in the proposition is &, the external 
choice operator. By induction, external, left, right, and tidy, the following 
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proof holds. 


(TRV) || (T&U)= (Fev) | (T&U) 
— (Tov) ||T&(Tev)\|U 


The case for when internal choice, 6, is the root connective is symmetric to 
the case for external choice. 

This completes the case analysis. Therefore, by induction on the size of 
the negated proposition, the proposition holds. 


Cut elimination. The main result of this paper is the key result required 
to establish that linear implication is a transitive relation. The following 
result is a generalisation of a consistency result called cut elimination that 
appears commonly in proof theory. 


Theorem 3 (Cut elimination) For any proposition $T$, if 
$\vdash C\{ T \otimes \overline{T} \}$, then $\vdash C\{ \mathrm{I} \}$. 


The above theorem can be stated alternatively by supposing that there is a 
proof in MAV that also uses the extra rule: 


\[ \mathrm{I} \longrightarrow T \otimes \overline{T} \quad \text{(co-interact)} \]


Given such a proof, a new proof can be constructed that uses only the rules 
of MAV. In this case, we say that the rule co-interact is admissible. 

The proof of Theorem 3 involves a technique known as splitting in- 
troduced in [20]. The following section proves the necessary lemmata to 
establish the above theorem. 

Before proceeding with lemmata, we provide a corollary that demon- 
strates that a consequence of cut elimination is indeed that linear implication 
defines a preorder. A stronger statement is proven: since implication is 
preserved in any context, it is a precongruence. 


Corollary 1 Linear implication is a precongruence — a reflexive transitive 
relation that holds in any context. 


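Proof: For reflexivity, $T \multimap T$ holds immediately by Proposition 3. 
For transitivity, suppose that $T \multimap U$ and $U \multimap V$ hold. 
Thereby the following proof can be constructed. 


\[ \overline{T} \parallel (U \otimes \overline{U}) \parallel V \longrightarrow (\overline{T} \parallel U) \otimes (\overline{U} \parallel V) \longrightarrow \mathrm{I} \]

Hence, by Theorem 3, $\vdash \overline{T} \parallel V$ as required. 
For contextual closure, assume that $T \multimap U$ holds. By Proposition 8, 
and switch we can construct the following proof. 


\[ \begin{aligned} \overline{C\{ T \}} \parallel C\{ (T \otimes \overline{T}) \parallel U \} &\longrightarrow \overline{C\{ T \}} \parallel C\{ T \otimes (\overline{T} \parallel U) \} \\ &\longrightarrow \overline{C\{ T \}} \parallel C\{ T \} \longrightarrow \mathrm{I} \end{aligned} \]


Hence by Theorem 3, $\vdash \overline{C\{ T \}} \parallel C\{ U \}$ as required. 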


Discussion on the medial rule. Most rules of the calculus are either 
lifted directly from BV or directly from a system for MALL in the calculus 
of structures, such as LS [44]. The exception is the medial rule. 


\[ (P ; Q) \& (R ; S) \longrightarrow (P \& R) ; (Q \& S) \quad \text{medial} \]


To see a situation where the medial rule is necessary, consider the 
following example propositions, with atoms a to j. 


Q+ (a; (6;e&d;e)) || (fF; @ih&i;3)) 
R= (a; (b@4); (c@e)) @(f ; (g G4) ; (ROS) 
S= ((a;(b@d)) @(f; (9 @4))) ; ((CBe) ®@(h®J)) 


Now notice that, without the medial rule the following implications are 
provable: $\vdash Q \multimap R$ and $\vdash R \multimap S$. Therefore, for a 
system satisfying cut elimination and hence with a transitive implication, 
we would expect that $\vdash Q \multimap S$ holds. However, if we exclude the 
medial rule from MAV then $\vdash Q \multimap S$ does not hold. 

If we include the medial rules in MAV, then we can establish the 
following proof of $\vdash Q \multimap S$, where firstly the medial rule is 
applied twice inside Q, secondly the sequence rule is applied twice, and 
finally reflexivity of implication is applied twice. 

Q || S (a; (b&d) ;(@ 
| (Cla; (6@d)) @ 


— ((@; (6& a) I (Fs G&A) I 
((E&e) || (A&J) || (ee) 


oe : ext 
( 


Z 
@ ® 
oe 


Thus the medial rule is sufficient to achieve transitivity of implication in 
this case. The fact that it is sufficient in all cases is of course established by 
the main cut elimination result of this paper. 

4 Splitting, Context Reduction and Elimination 


Proofs of generalised cut elimination results in the calculus of structures can 
be achieved through several means. Several approaches were investigated in 
obtaining the current proofs presented. Before proceeding further we briefly 
explain why the current approach has been adopted. 


For classical propositional logic, a graphical normalisation approach, 
called atomic flows [21], has been developed. Atomic flows are graphs that 
track the contraction and interaction of atoms in proofs. Unfortunately, 
atomic flows have not yet been successfully adapted to logics based on linear 
logic, such as MALL. This is likely to be because current work on atomic 
flows relies on an interplay between interaction and contraction that cannot 
be exploited when, as in linear logic, contraction applies only to the additives 
while interaction applies only to the multiplicatives. However, we suspect 
that further insight into cut elimination can be gleaned from adapting atomic 
flows. The hint that such an approach may be possible is that the medial 
rule that mysteriously appears in MAV, arises naturally when contraction is 
reduced to an atomic form [44]. 


Another approach, used for the non-commutative exponential system 
NEL [49] is to apply a technique called decomposition that decomposes a 
proof into normal forms where rules are applied in a certain order. The 
decomposition result for NEL is complex. The proof requires a vast case 
analysis and a complex termination measure. Part of the difficulty with 
decomposition is that it is related to results in proof theory that are known 
to be difficult, such as interpolation [36]. Thus proving a decomposition 
result in order to prove cut elimination is likely to be tackling a harder result 
than necessary. 


Thus our approach proceeds by proving the splitting lemma more 
directly [22], without a decomposition result. However, the decomposition 
technique influences the approach in this work, since the splitting proof 
handles operators in a specific order — firstly the with operator is treated, 
secondly the multiplicatives are treated simultaneously, finally the plus 
operator and atoms are handled. This suggests that there is probably also a 
proof using the decomposition technique. 


The main challenge in this section is devising a termination measure 
that handles a key case where the associativity of seq and the one-way 
distributivity of with over seq interact badly. 

4.1 Branching and Splitting 


The reason that proofs in MAV are more complex than BV, which is NP- 
complete [30], is the presence of the with operator &. The presence of with 
operators can result in an exponential number of independent branches 
to fully explore during proof search. However, in MALL, each independent 
branch of a proof is polynomial in the size of the syntax tree of the proposition 
proven. This is the basis of the argument that MALL is in PSPACE, as 
expressed in Theorem 2. A similar argument applies to the system MAV, as 
applied in Section 5. 

The trick to control the complexity of normalisation is to hide 
independent branches of a proof. To illustrate the technique, we provide an 
example of a derivation before proving the lemma in general. Consider the 
following annotated derivation, assuming the following subsorting over atoms: 
$\vdash a \leq c$, $\vdash b \leq c$, $\vdash a \leq d$, $\vdash b \leq d$. 


\[ (\overline{a} \boldsymbol{\&} \underline{\overline{b}}) \parallel (c \& (d \oplus e)) \]


bhLuibuda 
ot 


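In the above derivation, one of the with operators is highlighted in bold 
$\boldsymbol{\&}$ and the term to the right of the operator is underscored. 
This indicates that we aim to hide the right branch of that operator, leaving 
only the part of the proposition not underlined, as performed by a function 
$\ell$ over propositions. The function $\ell$ is defined as follows, where 
$\odot \in \{ ;, \parallel, \otimes, \oplus, \& \}$ is any (non-bold) binary 
connective and $k \in \{ a, \overline{a}, \mathrm{I} \}$ is any atom or 
constant proposition. 

\[ \ell(T \boldsymbol{\&} U) = \ell(T) \qquad \ell(T \odot U) = \ell(T) \odot \ell(U) \qquad \ell(k) = k \]


By applying the function $\ell$ to the propositions at each step in the above 
proof and by removing steps that become redundant, we obtain the following 
valid proof. 

\[ \begin{aligned} \overline{a} \parallel (c \& (d \oplus e)) &\longrightarrow \overline{a} \parallel (c \& d) \\ &\longrightarrow (\overline{a} \parallel c) \& (\overline{a} \parallel d) \\ &\longrightarrow \mathrm{I} \& (\overline{a} \parallel d) \\ &\longrightarrow \mathrm{I} \& \mathrm{I} \longrightarrow \mathrm{I} \end{aligned} \]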


Notice in the example derivation above that there are two with operators 
initially, indicated by $\boldsymbol{\&}$ and $\&$, where we do not want to 
delete the right branch of the latter. Also notice that, in the course of a 
derivation the bold external choice or with is duplicated by the external 
rule acting over a non-bold with operator, hence there may be multiple bold 
occurrences of with in a proposition. 

By generalising the above observations, the following lemma is obtained. 
The lemma states that we can split a proof involving the with operator $\&$ 
into two proofs. 


Lemma 2 (Branching) If $\vdash C\{ T \& U \}$ then both $\vdash C\{ T \}$ and $\vdash C\{ U \}$. 


Proof: The proof works by constructing two proofs such that the respective 
left and right formula of the with connective are removed. To do so, we 
remove deductive rules that either involve the with connective concerned, or 
appear inside the branch to be removed. We provide only the case where 
the left branch is selected, the other case is symmetric. 

The induction hypothesis is that if $T$ has a proof of length $n$, then we 
can construct a proof of $\ell(T)$. The base case is when $\ell(T) = T$ (e.g. 
when $T = \mathrm{I}$), in which case we are done. The inductive cases are 
listed below. 


Consider when the bottommost rule of a proof involves a bold with as 
follows: 


\[ C\{ T \boldsymbol{\&} D\{ U \} \} \longrightarrow C\{ T \boldsymbol{\&} D\{ V \} \} \]


where $C\{ T \boldsymbol{\&} D\{ V \} \}$ has a proof of length $n$. Hence, by 
the induction hypothesis, $\vdash \ell(C\{ T \boldsymbol{\&} D\{ V \} \})$ 
holds. Furthermore, $\ell(C\{ T \boldsymbol{\&} D\{ V \} \}) = \ell(C\{ T \boldsymbol{\&} D\{ U \} \})$. 
Hence $\vdash \ell(C\{ T \boldsymbol{\&} D\{ U \} \})$ holds, as required. 

Consider when the bottommost rule of a proof involves a bold with as 
follows: 

\[ C\{ (T \boldsymbol{\&} U) \parallel V \} \longrightarrow C\{ (T \parallel V) \boldsymbol{\&} (U \parallel V) \} \]


where $C\{ (T \parallel V) \boldsymbol{\&} (U \parallel V) \}$ has a proof of 
length $n$. By the induction hypothesis, 
$\vdash \ell(C\{ (T \parallel V) \boldsymbol{\&} (U \parallel V) \})$ holds. 
Furthermore, it is clear that 
$\ell(C\{ (T \parallel V) \boldsymbol{\&} (U \parallel V) \}) = \ell(C\{ (T \boldsymbol{\&} U) \parallel V \})$. 
Thereby $\vdash \ell(C\{ (T \boldsymbol{\&} U) \parallel V \})$ holds, as required. 


Consider when the bottommost rule of a proof involves a bold with 
operator as follows: 


\[ C\{ (T ; U) \boldsymbol{\&} (V ; W) \} \longrightarrow C\{ (T \boldsymbol{\&} V) ; (U \boldsymbol{\&} W) \} \]


where $C\{ (T \boldsymbol{\&} V) ; (U \boldsymbol{\&} W) \}$ has a proof of 
length $n$. By the induction hypothesis, 
$\vdash \ell(C\{ (T \boldsymbol{\&} V) ; (U \boldsymbol{\&} W) \})$ holds. 
Furthermore, it is clear that 
$\ell(C\{ (T \boldsymbol{\&} V) ; (U \boldsymbol{\&} W) \}) = \ell(C\{ (T ; U) \boldsymbol{\&} (V ; W) \})$. 
Thereby $\vdash \ell(C\{ (T ; U) \boldsymbol{\&} (V ; W) \})$ holds, as required. 


Consider the case where $C\{ \mathrm{I} \boldsymbol{\&} \mathrm{I} \} \longrightarrow C\{ \mathrm{I} \}$, 
where $C\{ \mathrm{I} \}$ has a proof of length $n$. By the induction 
hypothesis, $\vdash \ell(C\{ \mathrm{I} \})$ holds. Furthermore 
$\ell(C\{ \mathrm{I} \boldsymbol{\&} \mathrm{I} \}) = \ell(C\{ \mathrm{I} \})$; 
hence $\vdash \ell(C\{ \mathrm{I} \boldsymbol{\&} \mathrm{I} \})$ as required. 

In all other cases, $C\{ T \} \longrightarrow C\{ U \}$, by any rule, such 
that $C\{ T \}$ has a proof of length $n$ and also 
$\ell(C\{ T \}) \neq \ell(C\{ U \})$. By induction, $\vdash \ell(C\{ U \})$ 
holds. Therefore, by applying the same rule, we can obtain a proof of 
$\ell(U)$. 


All cases are exhausted, thereby if $\vdash T$ holds then $\vdash \ell(T)$ 
for any length of proof. Whence, by assuming that $\vdash C\{ T \boldsymbol{\&} U \}$ 
holds, we can construct a proof of $\ell(C\{ T \boldsymbol{\&} U \}) = C\{ T \}$. 
A symmetric argument using a right projection on the bold with operator 
constructs a proof of $C\{ U \}$. 


Killing contexts. To handle branching caused by the with operator, 
all independent branches of a proof must be tracked until they are all 
completed. To track independent branches of a proof search, similarly to 
Straßburger [45, 9], we require the following notion of a killing context. 


Definition 2 An n-ary killing context $\mathcal{T}\{\ \}$ is a context with n 
holes such that: 


• if $n = 1$, then $\mathcal{T}\{\ \} = \{ \cdot \}$ where $\{ \cdot \}$ is a hole 
into which any proposition can be plugged; 
• if $m \geq 1$ and $n \geq 1$, then if $\mathcal{T}^0\{\ \}$ is a m-ary killing 
context and $\mathcal{T}^1\{\ \}$ is an n-ary killing context, then 
$\mathcal{T}^0\{\ \} \& \mathcal{T}^1\{\ \}$ is a (m + n)-ary killing context. 


Killing contexts have several nice properties. Firstly, if you fill all holes 
with the unit, then the resulting proposition is provable. Secondly, killing 
contexts distribute over parallel composition, as expressed in the following 
lemma. 


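Lemma 3 For any killing context $\mathcal{T}\{\ \}$, 
$\vdash \mathcal{T}\{ \mathrm{I}, \ldots, \mathrm{I} \}$ and the following 
derivation holds. 


\[ T \parallel \mathcal{T}\{ U_1, \ldots, U_n \} \longrightarrow \mathcal{T}\{ T \parallel U_1, \ldots, T \parallel U_n \} \]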


Proof: The proofs follow by straightforward inductions over the structure 
of a killing context. 

There are two base cases. When the killing context is the top only 
T || T —>T and T —+ 1, as required. When the killing context is one hole 
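only $T \parallel \{ U \} = \{ T \parallel U \}$ and $\{ \mathrm{I} \} = \mathrm{I}$, 
as required. Now assume that by the induction hypothesis the following hold 
for killing contexts $\mathcal{T}^0\{\ \}$ and $\mathcal{T}^1\{\ \}$, and also 
$\vdash \mathcal{T}^0\{ \mathrm{I}, \ldots, \mathrm{I} \}$ and 
$\vdash \mathcal{T}^1\{ \mathrm{I}, \ldots, \mathrm{I} \}$. 


\[ T \parallel \mathcal{T}^0\{ U_1, \ldots, U_m \} \longrightarrow \mathcal{T}^0\{ T \parallel U_1, \ldots, T \parallel U_m \} \]
\[ T \parallel \mathcal{T}^1\{ U_{m+1}, \ldots, U_{m+n} \} \longrightarrow \mathcal{T}^1\{ T \parallel U_{m+1}, \ldots, T \parallel U_{m+n} \} \]


Hence, by distributivity the following derivation can be constructed. 


\[ \begin{aligned} & T \parallel (\mathcal{T}^0\{ U_1, \ldots, U_m \} \& \mathcal{T}^1\{ U_{m+1}, \ldots, U_{m+n} \}) \\ &\longrightarrow (T \parallel \mathcal{T}^0\{ U_1, \ldots, U_m \}) \& (T \parallel \mathcal{T}^1\{ U_{m+1}, \ldots, U_{m+n} \}) \\ &\longrightarrow \mathcal{T}^0\{ T \parallel U_1, \ldots, T \parallel U_m \} \& \mathcal{T}^1\{ T \parallel U_{m+1}, \ldots, T \parallel U_{m+n} \} \end{aligned} \]


Furthermore, $\mathcal{T}^0\{ \mathrm{I}, \ldots, \mathrm{I} \} \& \mathcal{T}^1\{ \mathrm{I}, \ldots, \mathrm{I} \} \longrightarrow \mathrm{I} \& \mathrm{I} \longrightarrow \mathrm{I}$ holds. 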

For readability of large formulae involving an n-ary killing context 
$\mathcal{T}\{\ \}$ and family of n propositions $U_1, U_2, \ldots, U_n$, we 
introduce the shortcut notion. $\mathcal{T}\{ U_i : 1 \leq i \leq n \}$ is a 
shortcut for $\mathcal{T}\{ U_1, U_2, \ldots, U_n \}$. In special cases, we 
also use the notation $\mathcal{T}\{ U_i : i \in I \}$ where $I$ is a finite 
subset of natural numbers indexing $U_i$. 

The following lemma is used for the most troublesome case in the 
splitting lemma. It is critical for coping with the sequential operator in the 
presence of the additives — the only case of the splitting lemma that demands 
the medial rule. The case analysis considers carefully the restriction on the 
medial rule, by using the observation that 
$(P ; \mathrm{I}) \& (Q ; \mathrm{I}) \equiv (P \& Q) ; \mathrm{I}$ and 
hence the medial rule is not required in such cases. 

Lemma 4 Assume that $I$ is a finite subset of natural numbers, $P_i$ and 
$Q_i$ are propositions, for $i \in I$, and $\mathcal{T}\{\ \}$ is an n-ary 
killing context. There exist killing contexts $\mathcal{T}^0\{\ \}$ and 
$\mathcal{T}^1\{\ \}$ and sets of natural numbers $J \subseteq I$ and 
$K \subseteq I$ such that the following derivation holds. 


\[ \mathcal{T}\{ P_i ; Q_i : i \in I \} \longrightarrow \mathcal{T}^0\{ P_j : j \in J \} ; \mathcal{T}^1\{ Q_k : k \in K \} \]


Proof: Proceed by induction on the structure of the killing context. 
For the base case, consider the killing context consisting of one hole, hence 
$\{ P ; Q \} = \{ P \} ; \{ Q \}$, as required. 

Now consider the case for a (m + n)-ary killing context defined as 
follows. 

\[ \mathcal{T}^0\{ P_i ; Q_i : i \in I_0 \} \& \mathcal{T}^1\{ P_i ; Q_i : i \in I_1 \} \]

There are three cases to consider. If $P_i \equiv \mathrm{I}$, for all 
$i \in I_0 \cup I_1$, then the following equivalence holds. 


PLP Q::1€ hb} &T{Lhs: Q:ieh } 
=I1;7{ Q:1€ hb} eT HY Q:1Eh } 


Similarly, if $Q_i \equiv \mathrm{I}$ for all $i \in I_0 \cup I_1$, then the following equivalence holds. 


T {P35 Qi:te Il JRTYL Rs Qtech} 
HET {Priel j}&eT{ Pie h };1 


Otherwise, by induction we have the following derivations where 
$J_0 \subseteq I_0$, $K_0 \subseteq I_0$, $J_1 \subseteq I_1$ and $K_1 \subseteq I_1$. 


T°{ Pi3 Qi: In } — TP { Pi 9 € Jo} 5 PL Qe: k € Ko } 
TL Ps Q:1E€h }oOB{ PGE ASST Qe: ke Ki } 
Hence by the medial rule the following derivation can be constructed as 


required, since either 7? { Pj: 7 € Jo } Flor Th { Pj: 7 € Jy } #1 and also 
either 7? { Qu: k € Ko } #1 or T{ Qy: kK E Ki SFL 


PPO eve lg pe FeO seed} 
— (Te{ Pj: 5 € Jo}; TRL Qe: KE Ko })& 
(Fo { Pi: 9 € At $5 TLL Qe: ke K }) 
— (WL PFE JSUT {PGE }); 
(Fr4 Qe: kE€ Ko} & TH Qe: ke RK }) 


Notice that T?{ }&7l{ } and 7P{ }&7/{ } are two killing contexts 
and Jo U Jy C Ip Uy and Ko U ky C Ip US, as required. 

The size of a proof. As an induction measure in the splitting lemma, we 
will require a measure of the size of a proof. To define the size of a proof we 
require the following definition of the size of a proposition. The size of the 
proposition is defined using multisets of multisets of natural numbers with 
a particular ordering. Multiset orderings are an established technique for 
proving the termination of procedures [13]. 

The multiset of multisets employed here is more complex than the 
multiset ordering for LS [46] (a formulation of MALL in the calculus of 
structures), due to subtle interaction problems between the unit, seq and 
with operators. In particular, applying the structural rules 
$\mathrm{I} ; P \equiv P \equiv P ; \mathrm{I}$ and the medial gives rise to 
the following rewrite. 


\[ C\{ P \& Q \} \equiv C\{ (P ; \mathrm{I}) \& (\mathrm{I} ; Q) \} \longrightarrow C\{ (P \& \mathrm{I}) ; (\mathrm{I} \& Q) \} \]


In the above derivation, the units cannot in general be removed from the 
proposition on the right hand side; hence extra care should be taken that 
these units do not increase the size of the proposition. This observation 
leads us to the notion of multisets of multisets of natural numbers defined 
below. 

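A multiset of natural numbers is a set of natural numbers where numbers 
may occur more than once. To define the multiset ordering, we require the 
standard multiset (disjoint) union operator $\cup$ and a multiset sum operator 
defined such that $M + N = \{ m + n : m \in M \text{ and } n \in N \}$. 

We also define the following two operators over multisets of multisets 
of natural numbers. If $\mathcal{M}$ and $\mathcal{N}$ are multisets of 
multisets, then we define pointwise plus and pointwise union as follows. 


\[ \mathcal{M} \boxplus \mathcal{N} = \{ M + N, M \in \mathcal{M} \text{ and } N \in \mathcal{N} \} \]
\[ \mathcal{M} \sqcup \mathcal{N} = \{ M \cup N, M \in \mathcal{M} \text{ and } N \in \mathcal{N} \} \]


The following function defines the multiset of multisets representing the 
size of a proposition. 


\[ |\mathrm{I}| = \{\{0\}\} \qquad |a| = |\overline{a}| = \{\{1\}\} \]

\[ |P \parallel Q| = |P| \boxplus |Q| \qquad |P \& Q| = |P \oplus Q| = |P| \sqcup |Q| \]

\[ |P \otimes Q| = |P ; Q| = \begin{cases} |P| & \text{if } Q \equiv \mathrm{I} \\ |Q| & \text{if } P \equiv \mathrm{I} \\ |P| \cup |Q| & \text{otherwise} \end{cases} \]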

Over multisets of natural numbers, we define a multiset ordering $M \leq N$ 
defined if and only if there exists an injective multiset function 
$f : M \to N$ such that, for all $m \in M$, $m \leq f(m)$. Strict multiset 
ordering $M < N$ is defined such that $M \leq N$ but $M \neq N$. 

We now define a different multiset order over multisets of multisets 
of natural numbers. Given two multisets of multisets $\mathcal{M}$ and 
$\mathcal{N}$, $\mathcal{M} \sqsubseteq \mathcal{N}$ holds if and only if 
$\mathcal{M}$ can be obtained from $\mathcal{N}$ by repeatedly removing a 
multiset $N$ from $\mathcal{N}$ and replacing $N$ with zero or more multisets 
$M_i$ such that $M_i \leq N$. $\mathcal{M} \sqsubset \mathcal{N}$ is defined 
when $\mathcal{M} \sqsubseteq \mathcal{N}$ but $\mathcal{M} \neq \mathcal{N}$. 

Most of the following properties, required in proofs, are standard for mul- 
tisets. The properties concerning multisets of multisets of natural numbers 
are treated more carefully. 


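Lemma 5 The following properties hold for multisets of natural numbers 
$K$, $M$ and $N$ and multisets of multisets of natural numbers $\mathcal{K}$, 
$\mathcal{M}$ and $\mathcal{N}$. 


\[ M + N = N + M \qquad (K + M) + N = K + (M + N) \]
\[ M \cup N = N \cup M \qquad (K \cup M) \cup N = K \cup (M \cup N) \]
\[ K + (M \cup N) = (K + M) \cup (K + N) \]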


M+{0}}=M M<MUN M<M+{1} {0} <M 


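\[ \text{if } \{\{0\}\} \sqsubset \mathcal{M} \text{ and } \{\{0\}\} \sqsubset \mathcal{N} \text{ then } \mathcal{M} \cup \mathcal{N} \sqsubset \mathcal{M} \boxplus \mathcal{N} \]


\[ \mathcal{K} \sqcup (\mathcal{M} \cup \mathcal{N}) = (\mathcal{K} \sqcup \mathcal{M}) \cup (\mathcal{K} \sqcup \mathcal{N}) \]


\[ \mathcal{K} \boxplus (\mathcal{M} \sqcup \mathcal{N}) = (\mathcal{K} \boxplus \mathcal{M}) \sqcup (\mathcal{K} \boxplus \mathcal{N}) \]


\[ \mathcal{K} \boxplus (\mathcal{M} \cup \mathcal{N}) = (\mathcal{K} \boxplus \mathcal{M}) \cup (\mathcal{K} \boxplus \mathcal{N}) \]


Furthermore, $\leq$ and $\sqsubseteq$ are precongruences. 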


Proof: Most properties are standard for multisets. We provide only 
proofs for the final four properties, which involve interactions between the 
two distinct multiset orderings. 


Firstly, assume that {{0}} © M and {{0}} CN. Hence either {{1}} € 
M or {{0,0}} © M and also either {{1}} EN or {{0,0}} CN. For any 
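$M \in \mathcal{M}$ and $N \in \mathcal{N}$, we have that 

\[ M \in \mathcal{M} \cup \mathcal{N} \text{ and } N \in \mathcal{M} \cup \mathcal{N} \]


and also 

\[ M + N \in \mathcal{M} \boxplus \mathcal{N} \]


Now, there are four cases to consider. If $\{0,0\} \leq M$ then 
$N \leq N \cup N = \{0,0\} + N \leq M + N$; and similarly if $\{0,0\} \leq N$ 
then $M \leq M + N$. If $\{1\} \leq M$ then $N \leq \{1\} + N \leq M + N$; and 
similarly if $\{1\} \leq N$ then $M \leq M + N$. In all cases $M \leq M + N$ 
and $N \leq M + N$. Hence 
$\mathcal{M} \cup \mathcal{N} \sqsubseteq \mathcal{M} \boxplus \mathcal{N}$. 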


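Secondly, consider every $M \in \mathcal{M}$, $N \in \mathcal{N}$, 
$K \in \mathcal{K}$, in which case the following hold. 


\[ M \cup K \in (\mathcal{M} \sqcup \mathcal{K}) \cup (\mathcal{N} \sqcup \mathcal{K}) \text{ and } N \cup K \in (\mathcal{M} \sqcup \mathcal{K}) \cup (\mathcal{N} \sqcup \mathcal{K}) \]
and also 
\[ M \cup K \in (\mathcal{M} \cup \mathcal{N}) \sqcup \mathcal{K} \text{ and } N \cup K \in (\mathcal{M} \cup \mathcal{N}) \sqcup \mathcal{K} \]
Hence $(\mathcal{M} \sqcup \mathcal{K}) \cup (\mathcal{N} \sqcup \mathcal{K}) = (\mathcal{M} \cup \mathcal{N}) \sqcup \mathcal{K}$. 


Thirdly, consider distributivity of $\boxplus$ over $\sqcup$. In this case the 
following reasoning holds, as required. 


\[ \begin{aligned} (\mathcal{M} \boxplus \mathcal{K}) \sqcup (\mathcal{N} \boxplus \mathcal{K}) &= \{ (M + K) \cup (N + K) : M \in \mathcal{M}, N \in \mathcal{N}, K \in \mathcal{K} \} \\ &= \{ (M \cup N) + K : M \in \mathcal{M}, N \in \mathcal{N}, K \in \mathcal{K} \} \\ &= (\mathcal{M} \sqcup \mathcal{N}) \boxplus \mathcal{K} \end{aligned} \]


Fourthly, consider when $M \in \mathcal{M}$, $N \in \mathcal{N}$ and 
$K \in \mathcal{K}$. In this case the following holds 


\[ M + K \in \mathcal{K} \boxplus (\mathcal{M} \cup \mathcal{N}) \text{ and } N + K \in \mathcal{K} \boxplus (\mathcal{M} \cup \mathcal{N}) \]


and also 


\[ M + K \in (\mathcal{K} \boxplus \mathcal{M}) \cup (\mathcal{K} \boxplus \mathcal{N}) \text{ and } N + K \in (\mathcal{K} \boxplus \mathcal{M}) \cup (\mathcal{K} \boxplus \mathcal{N}) \]


Therefore $\mathcal{K} \boxplus (\mathcal{M} \cup \mathcal{N}) = (\mathcal{K} \boxplus \mathcal{M}) \cup (\mathcal{K} \boxplus \mathcal{N})$. 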

The key property of multisets is the distributivity of $+$ over $\cup$, from 
which we can establish 
$|(P \& Q) \parallel R| = |(P \parallel R) \& (Q \parallel R)|$. Thus, although 
the abstract syntax tree grows when the external rule is applied, the multiset 
defined size of the proposition remains bounded by the size of the conclusion. 
The following four lemmas formalise the property of rewrite rules that 
rewriting reduces the size of the proposition, where Lemma 7 and Lemma 8 
emphasise the strict multiset inequality in these cases. 


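Lemma 6 If $P \equiv Q$ then $|P| = |Q|$. 


Proof: The cases for the unit hold by the following reasoning, 
using Lemma 5. 


\[ |P \parallel \mathrm{I}| = |P| \boxplus \{\{0\}\} = |P| \]


\[ |\mathrm{I} ; P| = |P ; \mathrm{I}| = |P \otimes \mathrm{I}| = |P| \]


For commutativity the following arguments hold for par and times 
respectively. 


\[ \begin{aligned} |P \parallel Q| = |P| \boxplus |Q| &= \{ M + N : M \in |P|, N \in |Q| \} \\ &= \{ N + M : M \in |P|, N \in |Q| \} = |Q| \boxplus |P| = |P \parallel Q| \end{aligned} \]


\[ |P \otimes Q| = |P| \cup |Q| = |Q| \cup |P| = |Q \otimes P| \]


Associativity properties hold by extending associativity of multisets to 
multisets of multisets. 


\[ \begin{aligned} |(P \parallel Q) \parallel R| &= (|P| \boxplus |Q|) \boxplus |R| \\ &= \{ (M + N) + K : M \in |P|, N \in |Q|, K \in |R| \} \\ &= \{ M + (N + K) : M \in |P|, N \in |Q|, K \in |R| \} \\ &= |P| \boxplus (|Q| \boxplus |R|) = |P \parallel (Q \parallel R)| \end{aligned} \]


If any one of $P \equiv \mathrm{I}$, $Q \equiv \mathrm{I}$ or 
$R \equiv \mathrm{I}$ hold, then $|(P ; Q) ; R| = |P ; (Q ; R)|$ by definition. 
If $P \not\equiv \mathrm{I}$ and $Q \not\equiv \mathrm{I}$ and 
$R \not\equiv \mathrm{I}$, then the following equalities hold. 


\[ |(P ; Q) ; R| = (|P| \cup |Q|) \cup |R| = |P| \cup (|Q| \cup |R|) = |P ; (Q ; R)| \]


The same associativity argument works for the times operator. 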


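Lemma 7 Assuming that $P \not\equiv \mathrm{I}$ and $R \not\equiv \mathrm{I}$, 
the following strict multiset inequality holds. 


\[ |C\{ P \otimes (Q \parallel R) \}| \sqsubset |C\{ (P \otimes Q) \parallel R \}| \]

Proof: If $Q \not\equiv \mathrm{I}$, then, since $R \not\equiv \mathrm{I}$ we 
have $\{\{0\}\} \sqsubset |R|$ and hence 
$|P| = |P| \boxplus \{\{0\}\} \sqsubset |P| \boxplus |R|$; and therefore the 
following holds by Lemma 5. 


\[ \begin{aligned} |P \otimes (Q \parallel R)| &= |P| \cup (|Q| \boxplus |R|) \\ &\sqsubset (|P| \boxplus |R|) \cup (|Q| \boxplus |R|) \\ &= (|P| \cup |Q|) \boxplus |R| = |(P \otimes Q) \parallel R| \end{aligned} \]


If $Q \equiv \mathrm{I}$ then, since $\{\{0\}\} \sqsubset |P|$ and 
$\{\{0\}\} \sqsubset |R|$, the following holds by Lemma 5 and Lemma 6. 


\[ |P \otimes (\mathrm{I} \parallel R)| = |P| \cup |R| \sqsubset |P| \boxplus |R| = |(P \otimes \mathrm{I}) \parallel R| \]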


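Lemma 8 Assuming that $Q \not\equiv \mathrm{I}$ and $R \not\equiv \mathrm{I}$ 
the following strict multiset inequality holds. 


\[ |C\{ (P \parallel R) ; (Q \parallel S) \}| \sqsubset |C\{ (P ; Q) \parallel (R ; S) \}| \]

Proof: If $Q \not\equiv \mathrm{I}$ and $R \not\equiv \mathrm{I}$, then the 
following holds by Lemma 5. 

\[ \begin{aligned} |(P \parallel R) ; (Q \parallel S)| &= (|P| \boxplus |R|) \cup (|Q| \boxplus |S|) \\ &\sqsubset (|P| \boxplus |R|) \cup (|Q| \boxplus |S|) \cup (|P| \boxplus |S|) \cup (|Q| \boxplus |R|) \\ &= (|P| \cup |Q|) \boxplus (|R| \cup |S|) = |(P ; Q) \parallel (R ; S)| \end{aligned} \]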


If Q=land RFI, then, since {{0}} C |RI, and hence |.$| = |S| H{{O}} c 
|S|H|RI, therefore by Lemma 5 and Lemma 6 the following strict inequality 
holds. 


(PIR); Gl S)l= (P| BIR) UIs! 
C (|P| HR) U ([S| | R)) 
[P| JR] US|) = |(P 51) BRI S)| 


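A symmetric argument holds when $Q \not\equiv \mathrm{I}$ and $R \equiv \mathrm{I}$. 
If $Q \equiv \mathrm{I}$ and $R \equiv \mathrm{I}$, then 
$\{\{0\}\} \sqsubset |P|$ and $\{\{0\}\} \sqsubset |S|$; hence the 
following strict inequality holds by Lemma 5 and Lemma 6. 


\[ |(P \parallel \mathrm{I}) ; (\mathrm{I} \parallel S)| = |P| \cup |S| \sqsubset |P| \boxplus |S| = |(P ; \mathrm{I}) \parallel (\mathrm{I} ; S)| \]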


Lemma 9 If $P \longrightarrow Q$, then $|Q| \sqsubseteq |P|$. 

Proof: The proof proceeds by induction on the number of rules in a 
derivation. The base case holds, by Lemma 6. 


Consider the case for the switch rule, in a derivation of the following 
form, where $P \not\equiv \mathrm{I}$ and $R \not\equiv \mathrm{I}$. 


\[ S \longrightarrow C\{ (P \otimes Q) \parallel R \} \longrightarrow C\{ P \otimes (Q \parallel R) \} \]


By Lemma 7, $|C\{ P \otimes (Q \parallel R) \}| \sqsubset |C\{ (P \otimes Q) \parallel R \}|$ 
and, by induction, $|C\{ (P \otimes Q) \parallel R \}| \sqsubseteq |S|$; 
therefore $|C\{ P \otimes (Q \parallel R) \}| \sqsubset |S|$. 


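Consider the case for the sequence rule, for a derivation of the following 
form, where $P \not\equiv \mathrm{I}$ and $Q \not\equiv \mathrm{I}$. 


\[ T \longrightarrow C\{ (P ; Q) \parallel (R ; S) \} \longrightarrow C\{ (P \parallel R) ; (Q \parallel S) \} \]

By Lemma 8, $|C\{ (P \parallel R) ; (Q \parallel S) \}| \sqsubset |C\{ (P ; Q) \parallel (R ; S) \}|$ 
and, by induction, $|C\{ (P ; Q) \parallel (R ; S) \}| \sqsubseteq |S|$; 
therefore $|C\{ (P \parallel R) ; (Q \parallel S) \}| \sqsubset |S|$, as required. 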


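Consider the case for the medial rule, for a derivation of the following 
form, where either $P \not\equiv \mathrm{I}$ or $R \not\equiv \mathrm{I}$ and 
also either $Q \not\equiv \mathrm{I}$ or $S \not\equiv \mathrm{I}$. 


\[ T \longrightarrow C\{ (P ; Q) \& (R ; S) \} \longrightarrow C\{ (P \& R) ; (Q \& S) \} \]

For when all of P, Q, R and S are not equivalent to the unit. 

\[ \begin{aligned} |(P \& R) ; (Q \& S)| &= (|P| \sqcup |R|) \cup (|Q| \sqcup |S|) \\ &\sqsubseteq (|P| \sqcup |R|) \cup (|Q| \sqcup |S|) \cup (|P| \sqcup |S|) \cup (|Q| \sqcup |R|) \\ &= (|P| \cup |Q|) \sqcup (|R| \cup |S|) = |(P ; Q) \& (R ; S)| \end{aligned} \]


For when exactly one of P, Q, R and S is equivalent to the unit, all cases 
are symmetric. Without loss of generality suppose that $S \equiv \mathrm{I}$ 
(and possibly also $Q \equiv \mathrm{I}$). By Lemma 5 and Lemma 6 the 
following holds. 


\[ \begin{aligned} |(P \& R) ; (Q \& \mathrm{I})| &= (|P| \sqcup |R|) \cup (|Q| \sqcup \{\{0\}\}) \\ &\sqsubseteq (|P| \sqcup |R|) \cup (|Q| \sqcup |R|) \\ &= (|P| \cup |Q|) \sqcup |R| = |(P ; Q) \& (R ; \mathrm{I})| \end{aligned} \]


There is one more form of case to consider for the medial: either 
$P \not\equiv \mathrm{I}$, $Q \equiv \mathrm{I}$, $R \equiv \mathrm{I}$ and 
$S \not\equiv \mathrm{I}$; or $P \equiv \mathrm{I}$, $Q \not\equiv \mathrm{I}$, 
$R \not\equiv \mathrm{I}$ and $S \equiv \mathrm{I}$. We consider only the 
former case. The latter case can be treated symmetrically. Since 
$P \not\equiv \mathrm{I}$ and $S \not\equiv \mathrm{I}$, 
$\{\{0\}\} \sqsubset |P|$ and $\{\{0\}\} \sqsubset |S|$. Therefore, 
$|P| \sqcup \{\{0\}\} \sqsubset |P| \sqcup |S|$ and 
$|Q| \sqcup \{\{0\}\} \sqsubset |P| \sqcup |S|$. Hence, we have established that 
$(|P| \sqcup \{\{0\}\}) \cup (|Q| \sqcup \{\{0\}\}) \sqsubseteq |P| \sqcup |S|$. 

Note that the restriction on the medial rule either $P \not\equiv \mathrm{I}$ 
or $R \not\equiv \mathrm{I}$ and also either $Q \not\equiv \mathrm{I}$ or 
$S \not\equiv \mathrm{I}$ excludes any further cases. Hence we have 
established that 
$|C\{ (P \& R) ; (Q \& S) \}| \sqsubseteq |C\{ (P ; Q) \& (R ; S) \}|$ and 
since, by induction $|C\{ (P ; Q) \& (R ; S) \}| \sqsubseteq |T|$ we have that 
$|C\{ (P \& R) ; (Q \& S) \}| \sqsubseteq |T|$ as required. 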


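Consider the case for the external rule, in which case we have a derivation 
of the following form, where $R \not\equiv \mathrm{I}$. 


\[ S \longrightarrow C\{ (P \& Q) \parallel R \} \longrightarrow C\{ (P \parallel R) \& (Q \parallel R) \} \]
Now, by Lemma 5 we know that the following multiset equality holds. 


\[ \begin{aligned} |(P \& Q) \parallel R| &= (|P| \sqcup |Q|) \boxplus |R| \\ &= (|P| \boxplus |R|) \sqcup (|Q| \boxplus |R|) = |(P \parallel R) \& (Q \parallel R)| \end{aligned} \]


Hence, $|C\{ (P \parallel R) \& (Q \parallel R) \}| = |C\{ (P \& Q) \parallel R \}|$ 
and also, by induction, $|C\{ (P \& Q) \parallel R \}| \sqsubseteq |S|$, hence 
$|C\{ (P \parallel R) \& (Q \parallel R) \}| \sqsubseteq |S|$ as required. 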

The cases for the rules tidy, left, right, atomic interact are relatively 
straightforward to establish by using Lemma 5, since the following multiset 
inequalities hold. 


| I 


Clr&y f[cla&al |PIC|PeQ| |Q 


C|PeQq 


Hence the lemma holds by induction on the length of the derivation. 
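
The size function and the two orderings defined above, computed for one instance each of the switch, sequence and medial rules and for the unit rewrite that motivates the measure. This is an added example, not code from the paper. The tuple encoding of propositions and the atoms a to d are constructed for illustration, and $\sqsubseteq$ is checked with the Dershowitz-Manna multiset extension of $<$, an assumption that is at least as strict as the definition as worded.

```python
from collections import Counter

# Constructed encoding (not the paper's): a proposition is a nested tuple
#   ("I",), ("atom", name), ("co", name), or (op, left, right)
# with op in {"par", "times", "seq", "with", "plus"}.
I = ("I",)

def atom(name):
    return ("atom", name)

def is_unit(p):
    """P ≡ I: the unit itself, or par/times/seq of units."""
    return p == I or (p[0] in ("par", "times", "seq")
                      and is_unit(p[1]) and is_unit(p[2]))

def mset(xs):
    """Canonical multiset: a sorted tuple."""
    return tuple(sorted(xs))

def boxplus(ms, ns):
    """Pointwise plus: { M + N }, where M + N = { m + n }."""
    return mset(mset(m + n for m in M for n in N) for M in ms for N in ns)

def sqcup(ms, ns):
    """Pointwise union: { M ∪ N } (tuple concatenation is multiset union)."""
    return mset(mset(M + N) for M in ms for N in ns)

def size(p):
    """|P| as a multiset of multisets of natural numbers."""
    tag = p[0]
    if tag == "I":
        return ((0,),)
    if tag in ("atom", "co"):
        return ((1,),)
    left, right = p[1], p[2]
    if tag == "par":
        return boxplus(size(left), size(right))
    if tag in ("with", "plus"):
        return sqcup(size(left), size(right))
    # times and seq: a unit operand is ignored, otherwise outer multiset union
    if is_unit(right):
        return size(left)
    if is_unit(left):
        return size(right)
    return mset(size(left) + size(right))

def leq(M, N):
    """M ≤ N: an injective f: M → N with m ≤ f(m) exists (greedy pairing)."""
    pairs = zip(sorted(M, reverse=True), sorted(N, reverse=True))
    return len(M) <= len(N) and all(m <= n for m, n in pairs)

def sq_leq(ms, ns):
    """ms ⊑ ns, ASSUMED to be the Dershowitz-Manna extension of <."""
    added = list((Counter(ms) - Counter(ns)).elements())
    replaced = list((Counter(ns) - Counter(ms)).elements())
    return all(any(leq(X, Y) and X != Y for Y in replaced) for X in added)

def sq_lt(ms, ns):
    return ms != ns and sq_leq(ms, ns)

def nodes(p):
    """Number of nodes in the abstract syntax tree."""
    return 1 if len(p) < 3 else 1 + nodes(p[1]) + nodes(p[2])

a, b, c, d = (atom(x) for x in "abcd")

# (proposition before, proposition after) for each rewrite; constructed samples.
INSTANCES = {
    "switch": (("par", ("times", a, b), c),
               ("times", a, ("par", b, c))),
    "sequence": (("par", ("seq", a, b), ("seq", c, d)),
                 ("seq", ("par", a, c), ("par", b, d))),
    "medial": (("with", ("seq", a, b), ("seq", c, d)),
               ("seq", ("with", a, c), ("with", b, d))),
    # P & Q ≡ (P ; I) & (I ; Q) → (P & I) ; (I & Q)
    "units then medial": (("with", a, b),
                          ("seq", ("with", a, I), ("with", I, b))),
}

def report():
    out = {}
    for name, (pre, post) in INSTANCES.items():
        out[name] = {
            "before": size(pre),
            "after": size(post),
            "strictly_smaller": sq_lt(size(post), size(pre)),
            "tree_growth": nodes(post) - nodes(pre),
        }
    return out

if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

In the last instance the syntax tree grows by four nodes while the measure still strictly decreases, which is the situation the units in the medial rewrite create.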

We now define the size of a proof $\vdash P$ using a pair consisting of the 
size of the proposition, $|P|$, and the number of rules applied in the proof 
of the proposition. The pairs representing the size of a proof are ordered 
lexicographically. 


Definition 3 Consider a proof of proposition $P$ that applies $m$ rule 
instances. The size of this proof is given by the pair $(|P|, m)$. Suppose that 
the size of a proof of $Q$ is $(|Q|, n)$ then we say that 
$(|P|, m) \prec (|Q|, n)$ if and only if $|P| \sqsubset |Q|$ or $|P| = |Q|$ 
and $m < n$. 


Termination Lemmas. The following notable lemma will be used to 
deal with a troublesome case concerning the interaction between associativity 
of seq and partial distributivity of the additives. For now, consider Lemma 10 
as a substantial example of applying the above lemmata for multisets. 

Lemma 10 Assume that $T_0 \not\equiv \mathrm{I}$, $T_2 \not\equiv \mathrm{I}$ 
and, either $U \not\equiv \mathrm{I}$ or $V \not\equiv \mathrm{I}$, and 
the following derivations hold. 


\[ W \longrightarrow \mathcal{T}\{ P_i ; Q_i : 1 \leq i \leq n \} \]


There are two symmetric cases to consider. For the first case, also assume 
that the following derivation holds for every i. 


VQ T'{ Risa 7 im, } 
In this case, the following two strict multiset inequalities hold. 


(Ms TN (OI PIST YL Ri lsism 
 |(Tos Ts 5 7) Il WV) (LI 


IZ 7 { Sj: 1s5 smi $C (557%) I (U5V) WI 


For the second case, symmetric to the above. Instead assume that the 
following derivation holds for every 1. 


U|| ROT { RSs 1 <j <m; } 
In this second case, the following two strict multiset inequalities hold. 


(ts) (TE Si:1<5<m };@I1V))| 
C (To 5TH Te) Il Us V) |W 


\Zo II T*{ Res lsi sm JC WMs5T) I (OsV) WI 


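Proof: Consider the case when $U \not\equiv \mathrm{I}$ and 
$V \not\equiv \mathrm{I}$. By definition, the size of the proposition on the 
left is as follows. 


\[ \mathcal{M} = |(T_0 ; T_1 ; T_2) \parallel (U ; V) \parallel W| = (|T_0 ; T_1| \cup |T_2|) \boxplus |U ; V| \boxplus |W| \]


Since $W \longrightarrow \mathcal{T}\{ P_i ; Q_i : 1 \leq i \leq n \}$, by 
Lemma 9, the following inequality holds. 


\[ |P_i ; Q_i| \sqsubseteq \bigsqcup_{1 \leq i \leq n} |P_i ; Q_i| = |\mathcal{T}\{ P_i ; Q_i : 1 \leq i \leq n \}| \sqsubseteq |W| \]


Hence, since $\sqsubseteq$ is a precongruence the following inequality holds. 


\[ (|T_0 ; T_1| \cup |T_2|) \boxplus |U ; V| \boxplus |P_i ; Q_i| \sqsubseteq \mathcal{M} \]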

Now since V || Q; —> TY Ri : St: 1<jcm b by Lemma 9, the follow- 
ing inequality holds. 


IN { By Sls ism fC WV | Qi 
Hence the following multiset inequalities hold. 


U [Rj] £ |1V| Bail and U |S#] © |V| |Q,| 


l<jsmj Ilsjsm; 


We can therefore establish the following strict multiset inequality, by Lemma 5. 


Im T{ si:1<i<m } 
~ |TII Tf sist si sm } 
C |T)| B|V|# |Q;| 
C (Jo; Ti] U|72)B|U ; VBI; Qi) CM 


For the other strict multiset inequality, observe that the following strict 
multiset inequality holds. 


\[ |T_0 ; T_1| \boxplus |U ; V| \boxplus |P_i ; Q_i| \sqsubset \mathcal{M} \]


Hence it is sufficient to establish that the following multiset inequality holds. 


|(Zo Ti) I (U Pi) TL RRs Sj < mi }) 


E (|To ; Ti|)B|U ; VIBIP; ; Q:| 


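To establish this consider three cases: 
• when $U \not\equiv \mathrm{I}$ and $V \not\equiv \mathrm{I}$; 
• when $U \equiv \mathrm{I}$ and $V \not\equiv \mathrm{I}$; 
• when $U \not\equiv \mathrm{I}$ and $V \equiv \mathrm{I}$. 


At this point, consider when $U \not\equiv \mathrm{I}$ and 
$V \not\equiv \mathrm{I}$. By repeatedly applying distributivity of 
$\boxplus$ over $\cup$ and since $|P| \sqsubseteq |P ; Q|$ and 
$|Q| \sqsubseteq |P ; Q|$, by Lemma 5, the following holds. 


\[ \begin{aligned} & |T_0 ; T_1| \boxplus (|U| \cup |V|) \boxplus |P_i ; Q_i| \\ &= |T_0 ; T_1| \boxplus ((|U| \boxplus |P_i ; Q_i|) \cup (|V| \boxplus |P_i ; Q_i|)) \\ &\sqsupseteq |T_0 ; T_1| \boxplus ((|U| \boxplus |P_i|) \cup (|V| \boxplus |Q_i|)) \end{aligned} \]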

Since $\sqsubseteq$ is a precongruence the following multiset inequality is 
established, as required. 


lms TI (TP) TH Ri si<m })| 


Ios TB (UBIP)U LL [Rl 
1<j<m; 


E |Z ; 71) 8 ((1U] B|Fi) UV] BQ) 


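At this point, consider when $U \equiv \mathrm{I}$ and 
$V \not\equiv \mathrm{I}$, for which we must consider three sub-cases: 


• when $P_i \not\equiv \mathrm{I}$ and $Q_i \not\equiv \mathrm{I}$; 
• when $P_i \equiv \mathrm{I}$; 
• when $P_i \not\equiv \mathrm{I}$ and $Q_i \equiv \mathrm{I}$. 


If $P_i \not\equiv \mathrm{I}$ and $Q_i \not\equiv \mathrm{I}$ then by 
Lemma 5 the following multiset inequality holds, as required. 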


To ; Ti| BV] B (|Pi| U [Q;)) 

To ; Ti| 8 ((V| | Pl) U IV] B 1Q:])) 

To ; Ti| B (|Pi] U (|V| 8 [Qi])) 

T) : T,| 8 (|P,| aa Ris <j<m \\) 


are toe een 


IL} IL Il 


Na 


If $P_i \equiv \mathrm{I}$ then by Lemma 5 the following multiset inequality holds, as required. 


To ; T1| B|V| B|Q,| 
J |%>;7;| 4 
= |(To; Th 


TY Ri; Si:1<j<m; }| 
[TH Ris <jsm, } 


Na 


If $Q_i \equiv \mathrm{I}$ and $P_i \not\equiv \mathrm{I}$, hence 
$|P_i| \cup |V| \sqsubset |P_i| \boxplus |V|$ by Lemma 5, the following 
multiset inequality holds, as required. 


[To ; Ti] B | P| BV] 

Zo ; Ti] B (|Pi|U |V]) 

To  Ty| B IPlulTe{ Ris 1<j<m; }) 
(ts 7) | (Gar Ricl<j<m \)| 


aN 

This completes all sub-cases for when $U \equiv \mathrm{I}$ and $V \not\equiv \mathrm{I}$. 


In the third and final case consider when $U \not\equiv \mathrm{I}$ and 
$V \equiv \mathrm{I}$. In this case, there are three sub-cases to consider. 


• when $P_i \not\equiv \mathrm{I}$ and $Q_i \not\equiv \mathrm{I}$; 


e when P;=tand Tf Ri: 1<j<mi } #1 
e when T'{ Ris 1<j<m b=y 


Consider the sub-case where $P_i \not\equiv \mathrm{I}$ and 
$Q_i \not\equiv \mathrm{I}$, in which case the following 
multiset inequality holds, as required. 


|(% 37) | ((u || Pi) rt Ryl<jsm })| 
|T ; Ti| (ivi |Pi]) U rif Ry lSjsmi iH) 
|T> ; T,| B ((\U| B |B) U |Qil) 


[To ; 71/8 ((|U| B | P|) U (U| 8 |Q;|)) 
ITo ; T1| B |U| B (|Pi| U|Qi)) 


HIT 


Consider the sub-case where a Ri: 1<j<m; \ #land P; =1. Hence 


ulufr{ Ris <j<m i = ac] cat Risl<j<m \), by Lemma 5 
since also U #1. Thereby the following multiset inequality holds, as required. 


lm sTH (Us TL Rist si<m })| 
IT ;T)| B wlulr{ Risl<j<m \)) 
Tos Ti] B (|U| BLT Rj: 1<7<m, }/) 


ITo ; T1| B (|U| B |Q:|) 
|To ; Ti| B|U| B|Q,| 


Consider the sub-case where sa Ri: 1<j<m,; > =1, in which case the 


following multiset inequality holds since |P,| E |P; ; Q;| by Lemma 5, as 
required. 


(Zo ; T1) || U | Pil 


|To ; T1| A |U| | P;| 
[To ; T1| B|U| BLP; ; Q:| 


1 Il 

This completes the sub-case analysis of the case when 
$U \not\equiv \mathrm{I}$ and $V \equiv \mathrm{I}$. 
Thereby all cases have been considered for the first part of the lemma. 
The analysis of the second part of the lemma is symmetric to the first. 

We will also require the following lemma for the most involved case 
concerning times in the proof of splitting. 


Lemma 11 For the following assume that $T \not\equiv \mathrm{I}$ and 
$U \not\equiv \mathrm{I}$ and also the following derivations hold. 


\[ W \longrightarrow \mathcal{T}\{ R_i \parallel S_i : 1 \leq i \leq n \} \]
Ri —> TP{ PP Qi: 1 <7 < md } 
ViISi TY Pe Qe sick sm } 
For any i, 3 and k, the following two strict multiset inequalities hold. 


ent 
al esraaea 


C |(P@U) || V || WI 


ee oe cirenjiviiw 


Proof: Since $T \not\equiv I$ and $U \not\equiv I$, by definition.

$$ |(T \otimes U) \parallel V \parallel W| = (|T| \sqcup |U|) \boxplus |V| \boxplus |W| $$


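Since $W \longrightarrow \mathcal{T}\{ R_i \parallel S_i : 1 \le i \le n \}$, by Lemma 9, and by Lemma 5 we
have the following.

$$ |R_i| \boxplus |S_i| \sqsubseteq |\mathcal{T}\{ R_i \parallel S_i : 1 \le i \le n \}| \sqsubseteq |W| $$

Hence, since $\sqsubseteq$ is a precongruence we have.

$$ (|T| \sqcup |U|) \boxplus |V| \boxplus |R_i| \boxplus |S_i| \sqsubseteq (|T| \sqcup |U|) \boxplus |V| \boxplus |W| $$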


Now since $V \parallel S_i \longrightarrow \mathcal{T}^1_i\{ P^{i,1}_k \parallel Q^{i,1}_k : 1 \le k \le m^1_i \}$, by Lemma 9 and
Lemma 5 we have.


rs aa 


ef sloe | c raf a aftr ceeme FEW 


Similarly, since R; —> 


Lemma 5 we have. 


FB Ja%° 


2,0 
Since $\sqsubseteq$ is a precongruence the following multiset inequality must hold.


E (|T]U|U)) B|V| BR] |S; 


2,0 
(IT| U |u|) BP; 


| Ja; 


a ee 


ss lay’ 


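Hence we have the following two strict inequalities, since $M \sqsubset M \sqcup N$ by
Lemma 5, as required.

$$ |T| \boxplus |P^{i,0}_j| \boxplus |P^{i,1}_k| \sqsubset (|T| \sqcup |U|) \boxplus |P^{i,0}_j| \boxplus |Q^{i,0}_j| \boxplus |P^{i,1}_k| \boxplus |Q^{i,1}_k| $$

$$ |U| \boxplus |Q^{i,0}_j| \boxplus |Q^{i,1}_k| \sqsubset (|T| \sqcup |U|) \boxplus |P^{i,0}_j| \boxplus |Q^{i,0}_j| \boxplus |P^{i,1}_k| \boxplus |Q^{i,1}_k| $$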


The splitting technique. The splitting proof technique was established 
in the calculus of structures to prove cut elimination for the calculus BV [20], 
and has been extended to other systems [22, 40]. Splitting works strictly in 
a shallow context, which is a context like a sequent, where the object-level 
operator || and meta-level operator comma collapse to one operator. 

Splitting says that you can pick any proposition in a shallow context, 
which we call the principal proposition, and rewrite the rest of the shallow 
context into a form consisting of several independent branches, tracked by a 
killing context, where in each branch a rule for the principal proposition can 
be applied, e.g. the sequence rule for seq, or the left and right rules for plus. 

The splitting is divided into the remaining lemmas in this sub-section 
(Lemmas 12, 13 and 14). The multiplicative operators $\otimes$ and ; must be
treated together since they involve a mutual recursion, Lemma 2 and the 
lemmas regarding multiset orders. The remaining splitting lemmas for plus 
(Lemma 13) and atoms (Lemma 14) can be treated independently, since 
they each rely only on Lemmas 2, 12 and simple properties of multisets. 
Notice that the splitting lemmas for plus and atoms are weaker than the 
splitting lemma for the multiplicatives, since the termination measure for 
the multiplicatives is used in the other two proofs, but not vice-versa. 

The proof of each splitting lemma proceeds by induction on the size 
of a proof in MAV. In each splitting lemma, there are three forms of cases 
to consider. When the principal proposition is actively involved in the 
bottommost rule in the proof, we call it the principal case. When the 
principal proposition is inside the part of the proposition modified by the 
bottommost rule in a proof, but the root connective of the principal formula 
itself is not touched, we call it a commutative case. The final form of case
is when a rule is applied entirely inside or independently of the principal
formula, which we call a deep inference case.


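Lemma 12 (Splitting multiplicatives) The following statements hold.

• If $\vdash (S \otimes T) \parallel U$, then there exist propositions $V_i$ and $W_i$ such that
$\vdash S \parallel V_i$ and $\vdash T \parallel W_i$, where $1 \le i \le n$, and $n$-ary killing context
$\mathcal{T}\{\ \}$ such that $U \longrightarrow \mathcal{T}\{ V_1 \parallel W_1, \ldots, V_n \parallel W_n \}$.

• If $\vdash (S ; T) \parallel U$, then there exist propositions $V_i$ and $W_i$ such that
$\vdash S \parallel V_i$ and $\vdash T \parallel W_i$, where $1 \le i \le n$, and $n$-ary killing context
$\mathcal{T}\{\ \}$ such that $U \longrightarrow \mathcal{T}\{ V_1 ; W_1, \ldots, V_n ; W_n \}$.

Furthermore the size of the proofs of $S \parallel V_i$ and $T \parallel W_i$ are less than the
size of the proofs of $(S \otimes T) \parallel U$ and $(S ; T) \parallel U$.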


Proof: The proof proceeds by induction on the size of proofs of the
forms $(S ; T) \parallel U$ and $(S \otimes T) \parallel U$. The size of proofs is given by the
lexicographical order of the size of the proposition and the number of rule
instances, as in Defn. 3. The base case is when the length of such proofs are
0, hence $S \equiv I$, $T \equiv I$ and $U \equiv I$. In this case the following derivations of
length zero, $I \equiv I \parallel I$ and $I \equiv I ; I$, satisfy the induction invariant.


Principal times case: Consider the principal case for times. The principal
case, when times is actively involved in the bottommost rule, is a proof that
begins as follows, where $T_0 \otimes U_0 \not\equiv I$ and also $V \not\equiv I$, otherwise the switch
rule cannot be applied, and also $T_0 \otimes T_1 \not\equiv I$ and $U_0 \otimes U_1 \not\equiv I$ otherwise
splitting follows by a trivial equivalence:

$$ (T_0 \otimes T_1 \otimes U_0 \otimes U_1) \parallel V \parallel W \longrightarrow (T_0 \otimes U_0 \otimes ((T_1 \otimes U_1) \parallel V)) \parallel W $$

such that $\vdash (T_0 \otimes U_0 \otimes ((T_1 \otimes U_1) \parallel V)) \parallel W$. Furthermore, since $T_0 \otimes U_0 \not\equiv I$
and also $V \not\equiv I$, the following strict inequality holds by Lemma 7.

$$ |(T_0 \otimes U_0 \otimes ((T_1 \otimes U_1) \parallel V)) \parallel W| \sqsubset |(T_0 \otimes T_1 \otimes U_0 \otimes U_1) \parallel V \parallel W| $$

Therefore the size of the proof is reduced and hence the hypothesis may be
applied.

By the induction hypothesis, there exist $R_i$ and $S_i$ such that $\vdash (T_0 \otimes U_0) \parallel R_i$
and $\vdash (T_1 \otimes U_1) \parallel V \parallel S_i$, for $1 \le i \le n$, and an $n$-ary killing context
$\mathcal{T}\{\ \}$ such that the following holds.

$$ W \longrightarrow \mathcal{T}\{ R_1 \parallel S_1, \ldots, R_n \parallel S_n \} $$

Furthermore $|(T_0 \otimes U_0) \parallel R_i|$ and $|(T_1 \otimes U_1) \parallel V \parallel S_i|$ are bounded above by
$|(T_0 \otimes U_0 \otimes ((T_1 \otimes U_1) \parallel V)) \parallel W|$.

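Hence, by the induction hypothesis twice more there exist propositions
$P^{i,0}_j$, $Q^{i,0}_j$, $P^{i,1}_k$ and $Q^{i,1}_k$ such that $\vdash T_0 \parallel P^{i,0}_j$, $\vdash U_0 \parallel Q^{i,0}_j$, $\vdash T_1 \parallel P^{i,1}_k$ and
$\vdash U_1 \parallel Q^{i,1}_k$, for $1 \le j \le m^0_i$ and $1 \le k \le m^1_i$, and $m^0_i$-ary killing context
$\mathcal{T}^0_i\{\ \}$ and $m^1_i$-ary killing context $\mathcal{T}^1_i\{\ \}$ such that the following derivations
hold.

$$
\begin{array}{rcl}
R_i & \longrightarrow & \mathcal{T}^0_i\{ P^{i,0}_j \parallel Q^{i,0}_j : 1 \le j \le m^0_i \} \\
V \parallel S_i & \longrightarrow & \mathcal{T}^1_i\{ P^{i,1}_k \parallel Q^{i,1}_k : 1 \le k \le m^1_i \}
\end{array}
$$

Thereby the following derivation can be constructed, by Lemma 3.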


3 T{R||V || Si: 1 <i<n} 
Toe, eleg 
| 7 en eee 

é 2,0 4,0, <7 < J 
age Ge TLE ee sm} Vi cien 
| Pe Qe isk<m!} 


of PPE Lae Tae 
—T TF} s :1<j<m? 
oko 


— 


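Now observe that the following proofs can be constructed.

$$ (T_0 \otimes T_1) \parallel P^{i,0}_j \parallel P^{i,1}_k \longrightarrow (T_0 \parallel P^{i,0}_j) \otimes (T_1 \parallel P^{i,1}_k) $$

$$ (U_0 \otimes U_1) \parallel Q^{i,0}_j \parallel Q^{i,1}_k \longrightarrow (U_0 \parallel Q^{i,0}_j) \otimes (U_1 \parallel Q^{i,1}_k) $$

Furthermore, since $T_0 \otimes T_1 \not\equiv I$ and $U_0 \otimes U_1 \not\equiv I$ by Lemma 11, we have the
following strict multiset inequalities.

$$ |(T_0 \otimes T_1) \parallel P^{i,0}_j \parallel P^{i,1}_k| \sqsubset |(T_0 \otimes T_1 \otimes U_0 \otimes U_1) \parallel V \parallel W| $$

$$ |(U_0 \otimes U_1) \parallel Q^{i,0}_j \parallel Q^{i,1}_k| \sqsubset |(T_0 \otimes T_1 \otimes U_0 \otimes U_1) \parallel V \parallel W| $$

Thereby the size of either of the above two proofs is strictly less than the
size of any proof of $(T_0 \otimes T_1 \otimes U_0 \otimes U_1) \parallel V \parallel W$, as required.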
Principal seq case: Consider the principal case for sequential composition.
The difficulty in this case is that, due to associativity of sequential
composition, the sequence rule may be applied in several ways when there
are multiple sequential compositions. Consider a principal proposition of
the form $(T_0 ; T_1) ; T_2$, where we aim to split the formula around the second
sequential composition. The difficulty is that the bottommost rule may be an
instance of the sequence rule applied between $T_0$ and $T_1 ; T_2$. Symmetrically,
the principal formula may be of the form $T_0 ; (T_1 ; T_2)$ but the bottommost
rule may be an instance of the sequence rule applied between $T_0 ; T_1$ and $T_2$.
In the following analysis, only the former case is considered. The symmetric
case follows the same pattern.

Consider when the principal proposition is of the form $(T_0 ; T_1) ; T_2$
and the bottommost rule in a proof is of the following form, where Tp #1, 
Ty #1, otherwise splitting is trivial, and either U £1 or V #1 otherwise the 
sequence rule cannot be applied: 


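$$ (T_0 ; T_1 ; T_2) \parallel (U ; V) \parallel W \longrightarrow ((T_0 \parallel U) ; ((T_1 ; T_2) \parallel V)) \parallel W $$

such that $((T_0 \parallel U) ; ((T_1 ; T_2) \parallel V)) \parallel W$ has a proof. By Lemma 8,
$|((T_0 \parallel U) ; ((T_1 ; T_2) \parallel V)) \parallel W| \sqsubset |(T_0 ; T_1 ; T_2) \parallel (U ; V) \parallel W|$ hence the
induction hypothesis may be applied.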

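By the induction hypothesis, there exist $P_i$ and $Q_i$ such that $\vdash T_0 \parallel U \parallel P_i$
and $\vdash (T_1 ; T_2) \parallel V \parallel Q_i$, for $1 \le i \le n$, and an $n$-ary killing context
$\mathcal{T}\{\ \}$ such that the following holds.

$$ W \longrightarrow \mathcal{T}\{ P_1 ; Q_1, \ldots, P_n ; Q_n \} $$

where furthermore $|(T_1 ; T_2) \parallel V \parallel Q_i| \sqsubseteq |((T_0 \parallel U) ; ((T_1 ; T_2) \parallel V)) \parallel W|$,
hence the induction hypothesis is enabled again.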

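By the induction hypothesis, there exists $R^i_j$ and $S^i_j$ such that $\vdash T_1 \parallel R^i_j$
and $\vdash T_2 \parallel S^i_j$, for $1 \le j \le m_i$, and $m_i$-ary killing context $\mathcal{T}^i\{\ \}$ such that
the following derivation holds.

$$ V \parallel Q_i \longrightarrow \mathcal{T}^i\{ R^i_1 ; S^i_1, \ldots, R^i_{m_i} ; S^i_{m_i} \} $$

Furthermore, by Lemma 3 there exist killing context $\mathcal{T}^0_i\{\ \}$ and $\mathcal{T}^1_i\{\ \}$ and
sets of integers $J \subseteq \{1, \ldots, n\}$, $K \subseteq \{1, \ldots, n\}$ such that.

$$ \mathcal{T}^i\{ R^i_1 ; S^i_1, \ldots, R^i_{m_i} ; S^i_{m_i} \} \longrightarrow \mathcal{T}^0_i\{ R^i_j : j \in J \} ; \mathcal{T}^1_i\{ S^i_k : k \in K \} $$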
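Thereby, the following derivation can be constructed.

$$
\begin{array}{rl}
(U ; V) \parallel W & \longrightarrow (U ; V) \parallel \mathcal{T}\{ P_1 ; Q_1, \ldots, P_n ; Q_n \} \\
& \longrightarrow \mathcal{T}\{ (U ; V) \parallel (P_1 ; Q_1), \ldots, (U ; V) \parallel (P_n ; Q_n) \} \\
& \longrightarrow \mathcal{T}\{ (U \parallel P_1) ; (V \parallel Q_1), \ldots, (U \parallel P_n) ; (V \parallel Q_n) \} \\
& \longrightarrow \mathcal{T}\{ (U \parallel P_i) ; \mathcal{T}^i\{ R^i_j ; S^i_j : 1 \le j \le m_i \} : 1 \le i \le n \} \\
& \longrightarrow \mathcal{T}\{ (U \parallel P_i) ; \mathcal{T}^0_i\{ R^i_j : j \in J \} ; \mathcal{T}^1_i\{ S^i_k : k \in K \} : 1 \le i \le n \}
\end{array}
$$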
Furthermore, the following proofs can be constructed. 
PI T{ Siiisjsm\b—o TL BW si1sjsm} 
—3 T{uil<j<m} ol 


(ToT) I (UWP) TY Riis ism } 
> (Doll Ps (TITY Ritsj smi $) 
— TTY Rilsism 
er TY Ty || Ril sjsm 
— T'{i:l<j<m}—! 


By Lemma 10, we know that the size of the above two proofs is strictly less
than the size of any proof of $(T_0 ; T_1 ; T_2) \parallel (U ; V) \parallel W$.


Commutative cases: The commutative cases to consider are for &, $\otimes$
and ; where the principal proposition is involved in the bottommost rules,
but the principal proposition is not modified. There are six cases to consider,
three each for $\otimes$ and ; as the root connective of the principal proposition.


We present the commutative cases for & distributing over the principal 
proposition. Notice that killing contexts are necessary due to an application 
of the external rule in the context of another operator, thereby branching 
the proof search. 


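Consider the commutative case for & where $T \otimes U$ is the principal
proposition. The bottommost rule is of the following form.

$$ (T \otimes U) \parallel (V \mathbin{\&} W) \parallel Q \longrightarrow ((T \otimes U) \parallel V \mathbin{\&} (T \otimes U) \parallel W) \parallel Q $$

such that $\vdash ((T \otimes U) \parallel V \mathbin{\&} (T \otimes U) \parallel W) \parallel Q$ holds.

By Lemma 2, $\vdash (T \otimes U) \parallel V \parallel Q$ and also $\vdash (T \otimes U) \parallel W \parallel Q$.
Furthermore, by Lemma 5, $|(T \otimes U) \parallel V \parallel Q| \sqsubset |(T \otimes U) \parallel (V \mathbin{\&} W) \parallel Q|$
and $|(T \otimes U) \parallel W \parallel Q| \sqsubset |(T \otimes U) \parallel (V \mathbin{\&} W) \parallel Q|$, hence the induction
hypothesis is enabled.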

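Therefore, by the induction hypothesis twice, there exist $R^0_i$ and $S^0_i$
such that $\vdash T \parallel R^0_i$ and $\vdash U \parallel S^0_i$, where $1 \le i \le m$, and $R^1_j$ and $S^1_j$ such
that $\vdash T \parallel R^1_j$ and $\vdash U \parallel S^1_j$, where $1 \le j \le n$, and $m$-ary and $n$-ary killing
contexts $\mathcal{T}^0\{\ \}$ and $\mathcal{T}^1\{\ \}$ respectively such that the following holds.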


WO at REG r eS eteheh Se. 


Furthermore, |T' || R2| © |(7.@ UV) || V || Ql and |U || $9] S (TeV) IV 
and |T || Ri] C |(T@V) || W|I Ql and [U |) $3] C\(T@v) || WI. 


Thereby the following derivation can be constructed, as required. 


(V&W)||Q 
—V|Q&W|Q 
— TLV, || Bi,---, Vm || Rm } & T*{ Wi || S1,--., Wa || Sn } 


Notice that T'{ }&7?{ } is an (m+n)-ary killing context satisfying the 
induction invariant. 


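Consider the commutative case for & where $T ; U$ is the principal
proposition. The bottommost rule is of the following form.

$$ (T ; U) \parallel (V \mathbin{\&} W) \parallel Q \longrightarrow ((T ; U) \parallel V \mathbin{\&} (T ; U) \parallel W) \parallel Q $$

such that $\vdash ((T ; U) \parallel V \mathbin{\&} (T ; U) \parallel W) \parallel Q$ holds.

By Lemma 2, $\vdash (T ; U) \parallel V \parallel Q$ and $\vdash (T ; U) \parallel W \parallel Q$. Furthermore,
by Lemma 5 we have that $|(T ; U) \parallel V \parallel Q| \sqsubset |(T ; U) \parallel (V \mathbin{\&} W) \parallel Q|$ and
$|(T ; U) \parallel W \parallel Q| \sqsubset |(T ; U) \parallel (V \mathbin{\&} W) \parallel Q|$, hence the induction hypothesis
is enabled.

Therefore, by the induction hypothesis, there exist $R^0_i$ and $S^0_i$ such
that $\vdash T \parallel R^0_i$ and $\vdash U \parallel S^0_i$, where $1 \le i \le m$, and $R^1_j$ and $S^1_j$ such that
$\vdash T \parallel R^1_j$ and $\vdash U \parallel S^1_j$, where $1 \le j \le n$, and $m$-ary and $n$-ary killing
contexts $\mathcal{T}^0\{\ \}$, $\mathcal{T}^1\{\ \}$ respectively such that the following derivation holds.

$$
\begin{array}{rcl}
V \parallel Q & \longrightarrow & \mathcal{T}^0\{ R^0_1 ; S^0_1, R^0_2 ; S^0_2, \ldots, R^0_m ; S^0_m \} \\
W \parallel Q & \longrightarrow & \mathcal{T}^1\{ R^1_1 ; S^1_1, R^1_2 ; S^1_2, \ldots, R^1_n ; S^1_n \}
\end{array}
$$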
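Furthermore, $|T \parallel R^0_i| \sqsubseteq |(T ; U) \parallel V \parallel Q|$, $|U \parallel S^0_i| \sqsubseteq |(T ; U) \parallel V \parallel Q|$,
$|T \parallel R^1_j| \sqsubseteq |(T ; U) \parallel W \parallel Q|$, $|U \parallel S^1_j| \sqsubseteq |(T ; U) \parallel W \parallel Q|$, hence strictly
bounded above by $|(T ; U) \parallel (V \mathbin{\&} W) \parallel Q|$.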
Thereby the following derivation can be constructed. 


(V&W)||Q 
—V|Q&e&w|Q 
SPT PSS iacg tiny hen bee hy LU OL ewstg lt on. f 


Notice that T'{ }&7°{ } is an (m+n)-ary killing context satisfying the 
induction invariant. 


We present the cases where the sequence rule and switch rule commute 
with the principal proposition without direct involvement in the root connec- 
tive of the principal proposition. The cases are presented where the principal 
proposition moves entirely to the left hand side of seq operator. The cases 
where the principal proposition moves entirely to the right hand side of the 
seq operator, and the cases for times, are similar to the cases presented 
below; as are the commutative cases for the switch rule. Simply exchange 
seq for times and par at appropriate points. 


Consider the commutative case for sequential composition in the pres- 
ence of principal proposition T ; U, where the seq connective in the principal 
proposition is not active on the sequence rule. In this case, the bottommost 
rule in a proof is of the following form, where T ; U #1 and P £1. 


TIWHIV>IP)IWil@e—>(T;H1VIW);P)1Q 


such that - (((T'; U) || V || W) ; P) || Q holds. Furthermore, by Lemma 8, 
(FU) TV IW); P) IQ) c (2 3U) || VP) || W || QI, hence the in- 
duction hypothesis is enabled. 

By the induction hypothesis, there exists R;, S; such that | (T ; UV) || 
V || W || Ry andt P || S;, for 1 <i <n, and n-ary killing context T{ } 
such that the following derivation holds. 


Q—T{ Ris 8152824 ly) On, } 


Furthermore, |(T ; U) || V || W || Ril © |(((L 5 V) || V || W) ; P) || Q| hence 
the induction hypothesis is enabled again. 

By the induction hypothesis, for $1 \le i \le n$, there exist propositions
$P^i_j$, $Q^i_j$ such that $\vdash T \parallel P^i_j$ and $\vdash U \parallel Q^i_j$ hold, for $1 \le j \le m_i$, and killing
contexts $\mathcal{T}^i\{\ \}$ such that the following derivation holds.


mi 
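Furthermore the following strict multiset inequalities hold.

$$ |T \parallel P^i_j| \sqsubset |(T ; U) \parallel (V ; P) \parallel W \parallel Q| $$

$$ |U \parallel Q^i_j| \sqsubset |(T ; U) \parallel (V ; P) \parallel W \parallel Q| $$

Hence the following derivation can be constructed, as required.

$$
\begin{array}{rl}
(V ; P) \parallel W \parallel Q & \longrightarrow (V ; P) \parallel W \parallel \mathcal{T}\{ R_1 ; S_1, \ldots, R_n ; S_n \} \\
& \longrightarrow \mathcal{T}\{ (V ; P) \parallel W \parallel (R_1 ; S_1), \ldots, (V ; P) \parallel W \parallel (R_n ; S_n) \} \\
& \longrightarrow \mathcal{T}\{ (V \parallel W \parallel R_1) ; (P \parallel S_1), \ldots, (V \parallel W \parallel R_n) ; (P \parallel S_n) \} \\
& \longrightarrow \mathcal{T}\{ V \parallel W \parallel R_1, \ldots, V \parallel W \parallel R_n \} \\
& \longrightarrow \mathcal{T}\{ \mathcal{T}^i\{ P^i_j ; Q^i_j : 1 \le j \le m_i \} : 1 \le i \le n \}
\end{array}
$$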


The case for the sequence rule commuting with the principal proposition
$T \otimes U$ is similar to the above case. Also the cases for the switch rule
commuting with seq and times as the principal proposition follow a similar
pattern.


Deep inference cases: The remaining cases are the deep inference cases, 
where the bottommost rule does not interfere with the root connective of 
the principal proposition. We provide one illustrative case where sequential 
composition is the principal proposition and the rule applies only outside 
that connective. Assume that the following application of any rule is the 
bottommost rule in a proof. 


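$$ (T ; U) \parallel C\{ V \} \longrightarrow (T ; U) \parallel C\{ W \} $$

such that $\vdash (T ; U) \parallel C\{ W \}$. By the induction hypothesis, there exist
$n$-ary killing context $\mathcal{T}\{\ \}$ and propositions $Q_i$ and $R_i$ such that $\vdash T \parallel Q_i$
and $\vdash U \parallel R_i$, for $1 \le i \le n$, such that the following holds.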


Hence, the following derivation holds, satisfying the induction invariant. 


$$ C\{ V \} \longrightarrow C\{ W \} \longrightarrow \mathcal{T}\{ Q_1 ; R_1, \ldots, Q_n ; R_n \} $$




A similar proof holds for any principal proposition. 


Alternatively, the bottommost rule may appear inside the context of 
principal proposition without affecting the root connective of the principal 
proposition. We provide one illustrative case where sequential composition 
is the principal proposition. Assume that the following application of any 
rule is the bottommost rule in a proof. 


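$$ (C\{ T \} ; V) \parallel W \longrightarrow (C\{ U \} ; V) \parallel W $$

such that $\vdash (C\{ U \} ; V) \parallel W$ has a proof of length $n$. Hence by induction,
there exist $n$-ary killing context $\mathcal{T}\{\ \}$ and propositions $P_i$ and $Q_i$ such that
$\vdash C\{ U \} \parallel P_i$ and $\vdash V \parallel Q_i$ hold and have a proof no longer than $n$, for
$1 \le i \le n$, and furthermore the following holds.

$$ W \longrightarrow \mathcal{T}\{ P_1 ; Q_1, \ldots, P_n ; Q_n \} $$

Hence we can construct the following proof of length no longer than $n + 1$,
for all $i$, as required.

$$ C\{ T \} \parallel P_i \longrightarrow C\{ U \} \parallel P_i \longrightarrow I $$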


A similar proof holds for any principal proposition. 
Thereby, all cases for the splitting lemma for multiplicatives have been 
considered. 


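Lemma 13 (Splitting plus) If $\vdash (T \oplus U) \parallel V$, then there exist propositions
$W_i$ such that either $\vdash T \parallel W_i$ or $\vdash U \parallel W_i$ where $1 \le i \le n$, and $n$-ary
killing context $\mathcal{T}\{\ \}$ such that $V \longrightarrow \mathcal{T}\{ W_1, W_2, \ldots, W_n \}$.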


Proof: The proof is by induction on the size of the proof of the proposition 
to which splitting is applied, where the size of a proof is as in Defn. 3. 
Consider the base case for the plus operator. The cases for the left rule and 
right rule are symmetric. Without loss of generality, consider when the left 
rule is the bottommost rule in a proof as follows. 


$$ (T \oplus U) \parallel V \longrightarrow T \parallel V $$

such that $\vdash T \parallel V$, which immediately satisfies the conditions of the lemma.


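The three commutative cases for &, ; and $\otimes$ are similar to the commutative
cases in Lemma 12.

Consider the commutative case for & when $\oplus$ is the principal operator.
In this case, the bottommost rule in a proof is of the following form.

$$ (T \oplus U) \parallel (V \mathbin{\&} W) \parallel P \parallel Q \longrightarrow ((T \oplus U) \parallel V \parallel P \mathbin{\&} (T \oplus U) \parallel W \parallel P) \parallel Q $$

such that $\vdash ((T \oplus U) \parallel V \parallel P \mathbin{\&} (T \oplus U) \parallel W \parallel P) \parallel Q$.
By Lemma 2, $\vdash (T \oplus U) \parallel V \parallel P \parallel Q$ and $\vdash (T \oplus U) \parallel W \parallel P \parallel Q$ hold.
Furthermore, the size of the above proofs are bound as follows, by Lemma 5.

$$ |(T \oplus U) \parallel V \parallel P \parallel Q| \sqsubset |(T \oplus U) \parallel (V \mathbin{\&} W) \parallel P \parallel Q| $$

$$ |(T \oplus U) \parallel W \parallel P \parallel Q| \sqsubset |(T \oplus U) \parallel (V \mathbin{\&} W) \parallel P \parallel Q| $$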


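Hence by induction there exists $m$-ary and $n$-ary killing contexts $\mathcal{T}^1\{\ \}$
and $\mathcal{T}^2\{\ \}$ respectively and propositions $R_i$ and $S_j$, where $1 \le i \le m$ and
$1 \le j \le n$, such that the following derivations hold:

$$
\begin{array}{rcl}
V \parallel P \parallel Q & \longrightarrow & \mathcal{T}^1\{ R_1, \ldots, R_m \} \\
W \parallel P \parallel Q & \longrightarrow & \mathcal{T}^2\{ S_1, \ldots, S_n \}
\end{array}
$$

and either $\vdash T \parallel R_i$ or $\vdash U \parallel R_i$; and also either $\vdash T \parallel S_j$ or $\vdash U \parallel S_j$.
Hence the following derivation can be constructed, as required.

$$
\begin{array}{rl}
(V \mathbin{\&} W) \parallel P \parallel Q & \longrightarrow V \parallel P \parallel Q \mathbin{\&} W \parallel P \parallel Q \\
& \longrightarrow \mathcal{T}^1\{ R_1, \ldots, R_m \} \mathbin{\&} \mathcal{T}^2\{ S_1, \ldots, S_n \}
\end{array}
$$

Notice that $\mathcal{T}^1\{\ \} \mathbin{\&} \mathcal{T}^2\{\ \}$ is an $(m+n)$-ary killing context satisfying the
induction invariant.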


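Consider the commutative case for seq in the presence of principal
proposition $T \oplus U$. There are two cases to consider, when the principal
proposition ends up on the left or right of the seq operator. Consider the case
where the operator ends up on the left of seq. In this case, the bottommost
rule in a proof is of the following form, where $P \not\equiv I$.

$$ (T \oplus U) \parallel (V ; W) \parallel P \parallel Q \longrightarrow (((T \oplus U) \parallel V \parallel W) ; P) \parallel Q $$

such that $\vdash (((T \oplus U) \parallel V \parallel W) ; P) \parallel Q$ holds. Furthermore, by Lemma 8
$|(((T \oplus U) \parallel V \parallel W) ; P) \parallel Q| \sqsubset |(T \oplus U) \parallel (V ; W) \parallel P \parallel Q|$. By Lemma 12,
there exist $R_i$ and $S_i$ such that $\vdash (T \oplus U) \parallel V \parallel W \parallel R_i$ and $\vdash P \parallel S_i$, for
$1 \le i \le n$, and $n$-ary killing context $\mathcal{T}\{\ \}$ such that the following derivation
holds.

$$ Q \longrightarrow \mathcal{T}\{ R_1 ; S_1, \ldots, R_n ; S_n \} $$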
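Furthermore, also by Lemma 12, the following multiset inequality holds,
enabling the induction hypothesis.

$$ |(T \oplus U) \parallel V \parallel W \parallel R_i| \sqsubseteq |(((T \oplus U) \parallel V \parallel W) ; P) \parallel Q| $$

By the induction hypothesis, for $1 \le i \le n$, there exist propositions $P^i_j$ such
that either $\vdash T \parallel P^i_j$ or $\vdash U \parallel P^i_j$ holds, for $1 \le j \le m_i$, and killing contexts
$\mathcal{T}^i\{\ \}$ such that the following derivation holds.

$$ V \parallel W \parallel R_i \longrightarrow \mathcal{T}^i\{ P^i_1, \ldots, P^i_{m_i} \} $$

Hence the following derivation can be constructed, as required.

$$
\begin{array}{rl}
(V ; W) \parallel P \parallel Q & \longrightarrow (V ; W) \parallel P \parallel \mathcal{T}\{ R_1 ; S_1, \ldots, R_n ; S_n \} \\
& \longrightarrow \mathcal{T}\{ (V ; W) \parallel P \parallel (R_1 ; S_1), \ldots, (V ; W) \parallel P \parallel (R_n ; S_n) \} \\
& \longrightarrow \mathcal{T}\{ (V \parallel W \parallel R_1) ; (P \parallel S_1), \ldots, (V \parallel W \parallel R_n) ; (P \parallel S_n) \} \\
& \longrightarrow \mathcal{T}\{ V \parallel W \parallel R_1, \ldots, V \parallel W \parallel R_n \} \\
& \longrightarrow \mathcal{T}\{ \mathcal{T}^i\{ P^i_1, \ldots, P^i_{m_i} \} : 1 \le i \le n \}
\end{array}
$$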


The other commutative cases for the sequence rule and switch rule are similar 
to the above case. 


The remaining cases are deep inference cases, where the bottommost rule
does not interfere with the root connective of the principal proposition. We
provide one illustrative case where plus is the root connective of the principal
proposition and the rule applies only outside that connective. Assume that
the following is the bottommost rule in a proof of length $k + 1$.

$$ (T \oplus U) \parallel C\{ V \} \longrightarrow (T \oplus U) \parallel C\{ W \} $$

such that $\vdash (T \oplus U) \parallel C\{ W \}$ has a proof of length $k$. By Lemma 9
$|(T \oplus U) \parallel C\{ W \}| \sqsubseteq |(T \oplus U) \parallel C\{ V \}|$, hence the induction hypothesis is
enabled.

By the induction hypothesis, there exist $n$-ary killing context $\mathcal{T}\{\ \}$ and
propositions $P_i$ such that either $\vdash T \parallel P_i$ or $\vdash U \parallel P_i$, for $1 \le i \le n$, such
that the following holds.

$$ C\{ W \} \longrightarrow \mathcal{T}\{ P_1, \ldots, P_n \} $$

Hence clearly, the following derivation holds, satisfying the induction invariant.

$$ C\{ V \} \longrightarrow C\{ W \} \longrightarrow \mathcal{T}\{ P_1, \ldots, P_n \} $$
Alternatively, the bottommost rule may appear inside the context of
principal proposition without affecting the root connective of the principal
proposition. We consider the case for when the rule is applied on the left
of $\oplus$. Assume that the bottommost rule of a proof of length $k + 1$ is of the
following form.

$$ (C\{ T \} \oplus V) \parallel W \longrightarrow (C\{ U \} \oplus V) \parallel W $$

such that $\vdash (C\{ U \} \oplus V) \parallel W$ has a proof with $k$ rule instances. Furthermore,
by Lemma 9, $|(C\{ U \} \oplus V) \parallel W| \sqsubseteq |(C\{ T \} \oplus V) \parallel W|$, hence the
induction hypothesis is enabled.

Hence by induction, there exist $n$-ary killing context $\mathcal{T}\{\ \}$ and propositions
$P_i$ such that either $\vdash C\{ U \} \parallel P_i$ or $\vdash V \parallel P_i$, for $1 \le i \le n$, such that
the following holds.

$$ W \longrightarrow \mathcal{T}\{ P_1, \ldots, P_n \} $$

Hence either $\vdash V \parallel P_i$ holds, or the following proof of $C\{ T \} \parallel P_i$ holds, for
all $i$, as required.

$$ C\{ T \} \parallel P_i \longrightarrow C\{ U \} \parallel P_i \longrightarrow I $$

A symmetric proof holds for a rule applied in the right branch of $\oplus$.
All cases for the splitting lemma for plus have been considered, thereby
the lemma follows by induction on the size of the proof.


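Lemma 14 (Splitting atoms) The following statements hold.

• For any atom $a$, if $\vdash \overline{a} \parallel T$, then there exist atoms $b_1, b_2, \ldots, b_n$ such
that $\vdash a \le b_i$, for $1 \le i \le n$, and $n$-ary killing context $\mathcal{T}\{\ \}$ such that
$T \longrightarrow \mathcal{T}\{ b_1, b_2, \ldots, b_n \}$.

• For any atom $a$, if $\vdash a \parallel T$, then there exist atoms $b_1, b_2, \ldots, b_n$ such
that $\vdash b_i \le a$, where $1 \le i \le n$, and $n$-ary killing context $\mathcal{T}\{\ \}$ such that
$T \longrightarrow \mathcal{T}\{ \overline{b_1}, \overline{b_2}, \ldots, \overline{b_n} \}$.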


Proof: Proceed by induction on the size of the proof, as defined in
Defn. 3. Consider the base case for atoms. The cases for positive and negative
atoms are symmetric in the direction of subsorting. Consider the case for
negative atoms and suppose that the bottommost rule in a proof is an atomic
interaction as follows, where $a$ and $b$ are atoms such that $\vdash a \le b$.

$$ \overline{a} \parallel b \parallel U \longrightarrow U $$

where $\vdash U$. Hence, the derivation $b \parallel U \longrightarrow b$ can be constructed as required.


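Consider the commutative case for & when an atom $a$ is the principal
proposition. In this case, the bottommost rule in a proof is of the following
form.

$$ a \parallel (T \mathbin{\&} U) \parallel V \parallel W \longrightarrow (a \parallel T \parallel V \mathbin{\&} a \parallel U \parallel V) \parallel W $$

such that $\vdash (a \parallel T \parallel V \mathbin{\&} a \parallel U \parallel V) \parallel W$ holds. By Lemma 2, $\vdash a \parallel T \parallel V \parallel W$
and $\vdash a \parallel U \parallel V \parallel W$ hold. Furthermore, the following strict multiset
inequalities hold, by Lemma 5.

$$ |a \parallel T \parallel V \parallel W| \sqsubset |a \parallel (T \mathbin{\&} U) \parallel V \parallel W| $$

$$ |a \parallel U \parallel V \parallel W| \sqsubset |a \parallel (T \mathbin{\&} U) \parallel V \parallel W| $$

Hence, by induction, there exists $m$-ary and $n$-ary killing contexts $\mathcal{T}^1\{\ \}$
and $\mathcal{T}^2\{\ \}$ respectively and atoms $b_i$ and $c_j$ where $1 \le i \le m$ and $1 \le j \le n$
such that the following derivations hold: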


VIP|Q—S T{h,...,b } 
W P| O— T7{ a,.. Ge} 


and furthermore + }; < a and+ cg < a for all 7. Hence the following 
derivation can be constructed. 


(Te&U)|VIW—-> TIV|weuiVviw 
3 Tf Bix es Om. | TA Geese } 


Notice that $\mathcal{T}^1\{\ \} \mathbin{\&} \mathcal{T}^2\{\ \}$ is an $(m+n)$-ary killing context satisfying
the induction invariant. The case for negative atoms is symmetric in the
direction of the subsorting relation.


Consider the cases for the multiplicatives commuting with an atom.
Firstly, consider the commutative case for seq in the presence of principal
proposition $a$. In this case, the bottommost rule in a proof is of the following
form, where $U \not\equiv I$.

$$ a \parallel (T ; U) \parallel V \parallel W \longrightarrow ((a \parallel T \parallel V) ; U) \parallel W $$

such that $\vdash ((a \parallel T \parallel V) ; U) \parallel W$ holds. Furthermore, by Lemma 8, the
following strict multiset inequality holds.

$$ |((a \parallel T \parallel V) ; U) \parallel W| \sqsubset |a \parallel (T ; U) \parallel V \parallel W| $$

By Lemma 12, there exist $P_i$ and $Q_i$ such that $\vdash a \parallel V \parallel T \parallel P_i$ and
$\vdash U \parallel Q_i$, for $1 \le i \le n$, and $n$-ary killing context $\mathcal{T}\{\ \}$ such that the
following derivation holds.

$$ W \longrightarrow \mathcal{T}\{ P_1 ; Q_1, \ldots, P_n ; Q_n \} $$

Furthermore, $|a \parallel V \parallel T \parallel P_i| \sqsubseteq |((a \parallel T \parallel V) ; U) \parallel W|$, enabling the induction
hypothesis.

By the induction hypothesis, for $1 \le i \le n$, there exist atoms $b^i_j$ such
that $\vdash b^i_j \le a$, for $1 \le j \le m_i$, and $m_i$-ary killing contexts $\mathcal{T}^i\{\ \}$ such that
the following derivation holds.


Hence the following derivation can be constructed. 


(T;U) || Vw 
SS NE A Pie Oise Oat 
> T{(T;U) VI (3 Q1),---,(75 0) IV | (Pr Qn) 
STE WV | Pos U3 Qi) aE VY | Pal: 3 Qa) + 
per ate Wee Vl se rere a Da fe ere 
Tf 74 bt, bs,...,B1,, cas 88... } } 


By construction, + 64 < a for all i and j and TA. bysg he fey a 
>>, mi-ary killing context, as required. The second commutative case for seq 
and the commutative case for times are similar, and the cases for negative 
atoms are symmetric. 


The remaining deep inference cases are when a rule appears in the
context of the proposition. Assume that the following is the bottommost
rule in a proof that applies $k + 1$ instances of rules.

$$ a \parallel C\{ V \} \longrightarrow a \parallel C\{ W \} $$

such that $\vdash a \parallel C\{ W \}$ holds by applying $k$ instances of rules. By Lemma 9,
$|a \parallel C\{ W \}| \sqsubseteq |a \parallel C\{ V \}|$, hence the induction hypothesis is enabled.

By the induction hypothesis, there exist atoms $b_i$ such that $\vdash b_i \le a$, for
$1 \le i \le n$, and $n$-ary killing context $\mathcal{T}\{\ \}$ such that the following derivation
holds.

$$ C\{ W \} \longrightarrow \mathcal{T}\{ \overline{b_1}, \overline{b_2}, \ldots, \overline{b_n} \} $$

Hence clearly, the following derivation holds, satisfying the induction invariant:
$C\{ V \} \longrightarrow C\{ W \} \longrightarrow \mathcal{T}\{ \overline{b_1}, \overline{b_2}, \ldots, \overline{b_n} \}$.


We have covered all cases for the splitting lemma for atoms, thereby 
the lemma follows by induction on the size of the proof. 


4.2 From a Shallow Context to a Deep Context 


The context reduction lemma enables an implication that holds in a shallow
context to be extended such that it holds in any context. Notice that the 
shallow context, consisting of only the par connective, is analogous to a 
sequent which is a context defined only by the meta-level connective comma. 
The proof of the context reduction lemma involves a stronger intermediate 
induction invariant from which the lemma follows directly. 


Lemma 15 (Context reduction) If $\vdash T \parallel V$ implies $\vdash U \parallel V$, for any
$V$, then $\vdash C\{ T \}$ implies $\vdash C\{ U \}$, for any context $C\{\ \}$.


Proof: Firstly we establish, by induction on the size of the context, the
following stronger property. If $\vdash C\{ T \}$, then there exist $U_i$ for $1 \le i \le n$
and $n$-ary killing context $\mathcal{T}\{\ \}$ such that $\vdash T \parallel U_i$; and, for any proposition
$V$ there exists $W_i$ such that either $W_i \equiv V \parallel U_i$ or $W_i \equiv I$ and the following
holds:

$$ C\{ V \} \longrightarrow \mathcal{T}\{ W_1, W_2, \ldots, W_n \} $$

The base case is when the context is of the form $\{\ \} \parallel P$, where the hole
appears directly inside a parallel composition, in which case we are done.


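Consider the case for a context of the form $(C\{\ \} \otimes U) \parallel P$ such that
$\vdash (C\{ T \} \otimes U) \parallel P$. By Lemma 12, there exist $n$-ary killing context $\mathcal{T}\{\ \}$
and propositions $Q_i$ and $R_i$, for $1 \le i \le n$, such that


and $\vdash C\{ T \} \parallel Q_i$ and $\vdash U \parallel R_i$ hold.

By the induction hypothesis, for every $i$ such that $1 \le i \le n$, there exist
$m_i$-ary killing context $\mathcal{T}^i\{\ \}$ and propositions $W^i_j$ such that $\vdash T \parallel W^i_j$ holds,
for $1 \le j \le m_i$; and, for any proposition $V$, for $1 \le j \le m_i$, there exists $S^i_j$
such that either $S^i_j \equiv I$ or $S^i_j \equiv V \parallel W^i_j$ and the following derivation holds:


Hence we can construct the following derivation for any proposition $V$.

$$
\begin{array}{rl}
(C\{ V \} \otimes U) \parallel P & \longrightarrow (C\{ V \} \otimes U) \parallel \mathcal{T}\{ Q_1 \parallel R_1, \ldots, Q_n \parallel R_n \} \\
& \longrightarrow \mathcal{T}\{ (C\{ V \} \otimes U) \parallel Q_i \parallel R_i : 1 \le i \le n \} \\
& \longrightarrow \mathcal{T}\{ (C\{ V \} \parallel Q_i) \otimes (U \parallel R_i) : 1 \le i \le n \} \\
& \longrightarrow \mathcal{T}\{ C\{ V \} \parallel Q_i : 1 \le i \le n \} \\
& \longrightarrow \mathcal{T}\{ \mathcal{T}^i\{ S^i_1, \ldots, S^i_{m_i} \} : 1 \le i \le n \}
\end{array}
$$

The final proposition above consists of a $(\sum_i m_i)$-ary killing context and
propositions $S^i_j$ such that either $S^i_j \equiv I$ or $S^i_j \equiv V \parallel W^i_j$ for all $i$, $j$. Thereby,
the induction invariant is satisfied. The two cases for when the hole appears
on the left or right of a sequential composition are similar to the above case
for times.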


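Consider the case for a context of the form $(C\{\ \} \mathbin{\&} U) \parallel P$ such that
$\vdash (C\{ T \} \mathbin{\&} U) \parallel P$. By Lemma 2, $\vdash C\{ T \} \parallel P$ and $\vdash U \parallel P$ hold.

Hence, by the induction hypothesis, there exist killing context $\mathcal{T}\{\ \}$
and propositions $V_i$ for $1 \le i \le n$ such that $\vdash T \parallel V_i$; and, for all propositions
$W$, for $1 \le i \le n$, there exists $S_i$ such that either $S_i \equiv I$ or $S_i \equiv W \parallel V_i$ and
the following derivation holds:

$$ C\{ W \} \parallel P \longrightarrow \mathcal{T}\{ S_1, \ldots, S_n \} $$

Hence we can construct a derivation as follows for all propositions $W$.

$$
\begin{array}{rl}
(C\{ W \} \mathbin{\&} U) \parallel P & \longrightarrow C\{ W \} \parallel P \mathbin{\&} U \parallel P \\
& \longrightarrow C\{ W \} \parallel P \mathbin{\&} I \\
& \longrightarrow \mathcal{T}\{ S_1, \ldots, S_n \} \mathbin{\&} I
\end{array}
$$

where $\mathcal{T}\{\ \} \mathbin{\&} \{\,\cdot\,\}$ is a $(n+1)$-ary killing context and $S_{n+1} \equiv I$, thereby
satisfying the induction invariant. The case when the hole appears on the
right of an external choice is similar.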

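Consider the case for a context of the form $(C\{\ \} \oplus U) \parallel P$ where
$\vdash (C\{ T \} \oplus U) \parallel P$. By Lemma 13, there exist killing context $\mathcal{T}\{\ \}$ and $V_i$
for $1 \le i \le n$ such that either $\vdash C\{ T \} \parallel V_i$ or $\vdash U \parallel V_i$ and the following
derivation holds:

$$ P \longrightarrow \mathcal{T}\{ V_1, \ldots, V_n \} $$

Now, by the induction hypothesis, if $\vdash C\{ T \} \parallel V_i$ holds, then there exist
$\mathcal{T}^i\{\ \}$ and propositions $W^i_j$ for $1 \le j \le m_i$ such that $\vdash T \parallel W^i_j$; and, for
any proposition $Q$ for $1 \le j \le m_i$, there exists $S^i_j$ where either $S^i_j \equiv I$ or
$S^i_j \equiv Q \parallel W^i_j$ and the following derivation holds:

$$ C\{ Q \} \parallel V_i \longrightarrow \mathcal{T}^i\{ S^i_1, \ldots, S^i_{m_i} \} $$

Hence we can construct the following derivation for any proposition $Q$.

$$
\begin{array}{rl}
(C\{ Q \} \oplus U) \parallel P & \longrightarrow (C\{ Q \} \oplus U) \parallel \mathcal{T}\{ V_1, \ldots, V_n \} \\
& \longrightarrow \mathcal{T}\{ (C\{ Q \} \oplus U) \parallel V_1, \ldots, (C\{ Q \} \oplus U) \parallel V_n \} \\
& \longrightarrow \mathcal{T}\{ R_1, \ldots, R_n \}
\end{array}
$$

where $R_i$ is defined as follows.

$$ R_i = \begin{cases} I & \text{if } \vdash U \parallel V_i \\ \mathcal{T}^i\{ S^i_1, \ldots, S^i_{m_i} \} & \text{otherwise} \end{cases} $$

The above is well-defined since if $\vdash U \parallel V_i$ holds, then

$$ (C\{ Q \} \oplus U) \parallel V_i \longrightarrow U \parallel V_i \longrightarrow I = R_i $$

and, if $\vdash U \parallel V_i$ does not hold, then $\vdash C\{ T \} \parallel V_i$ must hold; hence the
following derivation can be applied:

$$ (C\{ Q \} \oplus U) \parallel V_i \longrightarrow C\{ Q \} \parallel V_i \longrightarrow \mathcal{T}^i\{ S^i_1, \ldots, S^i_{m_i} \} = R_i $$

Hence the induction invariant is satisfied.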

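Having established the stronger intermediate lemma, assume that for
any local proposition $U$, $\vdash S \parallel U$ implies $\vdash T \parallel U$, and fix any context
$C\{\ \}$ such that $\vdash C\{ S \}$ holds. By the above intermediate lemma, there
exist $n$-ary killing context $\mathcal{T}\{\ \}$ and, for $1 \le i \le n$, $P_i$ such that either
$P_i \equiv I$ or there exists $W_i$ where $P_i \equiv T \parallel W_i$ and $\vdash S \parallel W_i$, and furthermore
$C\{ T \} \longrightarrow \mathcal{T}\{ P_1, \ldots, P_n \}$. Since also $\vdash T \parallel W_i$ holds for $1 \le i \le n$, the
following proof can be constructed.

$$ C\{ T \} \longrightarrow \mathcal{T}\{ P_1, \ldots, P_n \} \longrightarrow \mathcal{T}\{ I, \ldots, I \} \longrightarrow I $$

Therefore $\vdash C\{ T \}$ holds as required.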

Note that the above lemma corrects a flaw present in the corresponding
lemma in [9]: Lemma 14. In particular, the possibility that $W_i \equiv I$ in the
induction invariant is required to handle the additives, even if the operator
seq is removed.
4.3 Co-rule Elimination and Cut Elimination


By a complementary rule, or co-rule, we mean a rule where the direction of
rewriting is reversed and complementation is applied to both propositions in
the rewrite rule. Given a rule of the form $P \longrightarrow Q$, its co-rule is of the form
$\overline{Q} \longrightarrow \overline{P}$. The full list of co-rules is presented in Fig. 3. Note that switch
is its own co-rule.
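
The definition of a co-rule can be checked mechanically against Figure 3. The following Python sketch is an added example, not code from the paper: it assumes the De Morgan dualities of MAV (times dual to par, with dual to plus, seq and the unit self-dual), which this section relies on but does not restate, and it lets schematic variables absorb the overline. The tuple encoding and all function names are constructed for this illustration.

```python
from itertools import permutations

# Constructed encoding (an assumption of this example): a proposition is
# ("unit",), ("var", name), ("atom", name, positive) or (operator, left, right).
UNIT = ("unit",)
DUAL = {"times": "par", "par": "times", "with": "plus", "plus": "with", "seq": "seq"}
COMMUTATIVE = {"times", "par", "with", "plus"}
SYMBOL = {"times": "⊗", "par": "∥", "seq": ";", "with": "&", "plus": "⊕"}

def var(name): return ("var", name)
def atom(name, positive=True): return ("atom", name, positive)
def times(l, r): return ("times", l, r)
def par(l, r): return ("par", l, r)
def seq(l, r): return ("seq", l, r)
def with_(l, r): return ("with", l, r)
def plus(l, r): return ("plus", l, r)

def complement(p):
    """Push complementation to the leaves using the assumed De Morgan dualities."""
    tag = p[0]
    if tag in ("unit", "var"):
        # The unit is self-dual. A schematic variable ranges over all
        # propositions, so its complement is again an arbitrary proposition.
        return p
    if tag == "atom":
        return ("atom", p[1], not p[2])
    return (DUAL[tag], complement(p[1]), complement(p[2]))

def co_rule(rule):
    """For a rule P --> Q return its co-rule: complement(Q) --> complement(P)."""
    lhs, rhs = rule
    return (complement(rhs), complement(lhs))

def variables(p):
    if p[0] == "var":
        return {p[1]}
    return variables(p[1]) | variables(p[2]) if p[0] in DUAL else set()

def rename(p, mapping):
    if p[0] == "var":
        return ("var", mapping[p[1]])
    return (p[0], rename(p[1], mapping), rename(p[2], mapping)) if p[0] in DUAL else p

def canon(p):
    """Normal form modulo commutativity only (associativity is not needed here)."""
    if p[0] not in DUAL:
        return p
    l, r = canon(p[1]), canon(p[2])
    if p[0] in COMMUTATIVE and r < l:
        l, r = r, l
    return (p[0], l, r)

def same_schema(r1, r2):
    """True if two rules coincide up to renaming of variables and commutativity."""
    v1 = sorted(variables(r1[0]) | variables(r1[1]))
    v2 = sorted(variables(r2[0]) | variables(r2[1]))
    if len(v1) != len(v2):
        return False
    for image in permutations(v2):
        m = dict(zip(v1, image))
        if all(canon(rename(a, m)) == canon(b) for a, b in zip(r1, r2)):
            return True
    return False

def show(p):
    if p[0] == "unit":
        return "I"
    if p[0] == "var":
        return p[1]
    if p[0] == "atom":
        return p[1] if p[2] else "~" + p[1]   # "~a" stands for the negated atom
    return "(" + show(p[1]) + " " + SYMBOL[p[0]] + " " + show(p[2]) + ")"

T, U, V, W = (var(n) for n in "TUVW")
RULES = {  # the rules listed in the upper half of Figure 3
    "tidy": (with_(UNIT, UNIT), UNIT),
    "interaction": (par(atom("a", False), atom("b")), UNIT),  # side condition a <= b
    "switch": (par(times(T, U), V), times(T, par(U, V))),
    "sequence": (par(seq(T, U), seq(V, W)), seq(par(T, V), par(U, W))),
    "left": (plus(T, U), T),
    "right": (plus(T, U), U),
    "external": (par(T, with_(U, V)), with_(par(T, U), par(T, V))),
    "medial": (with_(seq(T, U), seq(V, W)), seq(with_(T, V), with_(U, W))),
}
FIGURE_3 = {  # the co-rules as printed in Figure 3, keyed by the rule they mirror
    "tidy": (UNIT, plus(UNIT, UNIT)),
    "interaction": (UNIT, times(atom("a"), atom("b", False))),
    "sequence": (seq(times(T, V), times(U, W)), times(seq(T, U), seq(V, W))),
    "left": (T, with_(T, U)),
    "right": (U, with_(T, U)),
    "external": (plus(times(T, U), times(T, V)), times(T, plus(U, V))),
    "medial": (seq(plus(T, V), plus(U, W)), plus(seq(T, U), seq(V, W))),
}

if __name__ == "__main__":
    for name, rule in RULES.items():
        lhs, rhs = co_rule(rule)
        print(f"co-{name}: {show(lhs)} --> {show(rhs)}")
```

Every co-rule computed from the definition coincides with the one printed in Figure 3, and the co-rule of switch is an instance of switch itself once commutativity of times and par is taken into account.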

The following results show that the rules complementary to those that
appear in Fig. 2 are admissible in MAV. The proofs of the following lemmata
follow from applying splitting exhaustively and finally applying the context
lemma (Lemma 15). Note that admissibility results for two rules (the
co-rules for the left and right rules, co-left and co-right respectively) were
proven directly in Lemma 2.


Lemma 16 (Co-tidy Elimination) If $\vdash C\{ I \oplus I \}$, then $\vdash C\{ I \}$.


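Proof: Assume that $\vdash (I \oplus I) \parallel T$ holds. By Lemma 13, there exist
killing context $\mathcal{T}\{\ \}$ and propositions $U_i$, for $1 \le i \le n$, such that $\vdash I \parallel U_i$
or $\vdash I \parallel U_i$ hold, hence $\vdash U_i$ holds, and the following derivation can be
constructed.

$$ T \longrightarrow \mathcal{T}\{ U_1, U_2, \ldots, U_n \} $$

Hence the following proof can be constructed, as required.

$$ T \longrightarrow \mathcal{T}\{ U_1, U_2, \ldots, U_n \} \longrightarrow \mathcal{T}\{ I, \ldots, I \} \longrightarrow I $$

Hence $\vdash I \parallel T$ holds. Therefore, by Lemma 15, for any context $\vdash C\{ I \oplus I \}$
yields $\vdash C\{ I \}$, as required.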


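Lemma 17 (Co-external Elimination)
If $\vdash \mathcal{C}\{\,T \otimes (U \oplus V)\,\}$, then $\vdash \mathcal{C}\{\,(T \otimes U) \oplus (T \otimes V)\,\}$.


Proof: Assume that $\vdash ((T \oplus U) \otimes V) \parallel W$ holds. By Lemma 12, there
exist killing context $\mathcal{T}\{\ \}$ and propositions $P_i$ and $Q_i$, for $1 \le i \le n$, such
that $\vdash (T \oplus U) \parallel P_i$ and $\vdash V \parallel Q_i$ and the following derivation holds:

$$W \longrightarrow \mathcal{T}\{\,P_1 \parallel Q_1, \ldots, P_n \parallel Q_n\,\}$$

Now, by Lemma 13, for every $i$, there exists killing context $\mathcal{T}^i\{\ \}$ and
propositions $R^i_j$, for $1 \le j \le m_i$, such that either $\vdash T \parallel R^i_j$ or $\vdash U \parallel R^i_j$
holds and the following derivation holds:

$$P_i \longrightarrow \mathcal{T}^i\{\,R^i_1, R^i_2, \ldots, R^i_{m_i}\,\}$$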
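
$$\begin{array}{ll}
\mathrm{I} \mathbin{\&} \mathrm{I} \longrightarrow \mathrm{I} & \text{tidy} \\
\overline{a} \parallel b \longrightarrow \mathrm{I} \ \text{ only if } a \le b & \text{atomic interaction} \\
(T \otimes U) \parallel V \longrightarrow T \otimes (U \parallel V) & \text{switch} \\
(T ; U) \parallel (V ; W) \longrightarrow (T \parallel V) ; (U \parallel W) & \text{sequence} \\
T \oplus U \longrightarrow T & \text{left} \\
T \oplus U \longrightarrow U & \text{right} \\
T \parallel (U \mathbin{\&} V) \longrightarrow (T \parallel U) \mathbin{\&} (T \parallel V) & \text{external} \\
(T ; U) \mathbin{\&} (V ; W) \longrightarrow (T \mathbin{\&} V) ; (U \mathbin{\&} W) & \text{medial} \\[1ex]
\mathrm{I} \longrightarrow \mathrm{I} \oplus \mathrm{I} & \text{co-tidy} \\
\mathrm{I} \longrightarrow a \otimes \overline{b} \ \text{ only if } a \le b & \text{atomic co-interaction} \\
(T \otimes V) ; (U \otimes W) \longrightarrow (T ; U) \otimes (V ; W) & \text{co-sequence} \\
T \longrightarrow T \mathbin{\&} U & \text{co-left} \\
U \longrightarrow T \mathbin{\&} U & \text{co-right} \\
(T \otimes U) \oplus (T \otimes V) \longrightarrow T \otimes (U \oplus V) & \text{co-external} \\
(T \oplus V) ; (U \oplus W) \longrightarrow (T ; U) \oplus (V ; W) & \text{co-medial}
\end{array}$$

Figure 3: Term rewriting system modulo an equational theory for SMAV.
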
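Notice that if $\vdash T \parallel R^i_j$ holds then the following derivation can be constructed.

$$\begin{aligned}
((T \otimes V) \oplus (U \otimes V)) \parallel R^i_j \parallel Q_i
&\longrightarrow (T \otimes V) \parallel R^i_j \parallel Q_i \\
&\longrightarrow (T \parallel R^i_j) \otimes (V \parallel Q_i) \\
&\longrightarrow \mathrm{I}
\end{aligned}$$

Otherwise $\vdash U \parallel R^i_j$ holds, hence the following derivation can be constructed.

$$\begin{aligned}
((T \otimes V) \oplus (U \otimes V)) \parallel R^i_j \parallel Q_i
&\longrightarrow (U \otimes V) \parallel R^i_j \parallel Q_i \\
&\longrightarrow (U \parallel R^i_j) \otimes (V \parallel Q_i) \\
&\longrightarrow \mathrm{I}
\end{aligned}$$

Hence we can construct the following proof, as required.

$$\begin{aligned}
&((T \otimes V) \oplus (U \otimes V)) \parallel W \\
&\longrightarrow ((T \otimes V) \oplus (U \otimes V)) \parallel \mathcal{T}\{\,P_1 \parallel Q_1, \ldots, P_n \parallel Q_n\,\} \\
&\longrightarrow ((T \otimes V) \oplus (U \otimes V)) \parallel \mathcal{T}\{\,\mathcal{T}^i\{\,R^i_1, R^i_2, \ldots, R^i_{m_i}\,\} \parallel Q_i : 1 \le i \le n\,\} \\
&\longrightarrow ((T \otimes V) \oplus (U \otimes V)) \parallel \mathcal{T}\{\,\mathcal{T}^i\{\,R^i_j \parallel Q_i : 1 \le j \le m_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,((T \otimes V) \oplus (U \otimes V)) \parallel \mathcal{T}^i\{\,R^i_j \parallel Q_i : 1 \le j \le m_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^i\{\,((T \otimes V) \oplus (U \otimes V)) \parallel R^i_j \parallel Q_i : 1 \le j \le m_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^i\{\,\mathrm{I} : 1 \le j \le m_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathrm{I}
\end{aligned}$$

Hence $\vdash ((T \otimes V) \oplus (U \otimes V)) \parallel W$ holds. Therefore, by Lemma 15, for any
context $\vdash \mathcal{C}\{\,(T \oplus U) \otimes V\,\}$ yields $\vdash \mathcal{C}\{\,(T \otimes V) \oplus (U \otimes V)\,\}$, as required.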


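Lemma 18 (Co-sequence Elimination) If $\vdash \mathcal{C}\{\,(T ; U) \otimes (V ; W)\,\}$ then
$\vdash \mathcal{C}\{\,(T \otimes V) ; (U \otimes W)\,\}$.


Proof: Assume that $\vdash ((T ; U) \otimes (V ; W)) \parallel P$ holds. By Lemma 12,
there exist $n$-ary killing context $\mathcal{T}\{\ \}$ and $Q^0_i$ and $Q^1_i$, for $1 \le i \le n$, such
that $\vdash (T ; U) \parallel Q^0_i$ and $\vdash (V ; W) \parallel Q^1_i$ and the following derivation holds:

$$P \longrightarrow \mathcal{T}\{\,Q^0_1 \parallel Q^1_1, Q^0_2 \parallel Q^1_2, \ldots, Q^0_n \parallel Q^1_n\,\}$$

Hence by Lemma 12, for $k \in \{0, 1\}$ there exists $m^k_i$-ary killing context $\mathcal{T}^k_i\{\ \}$
and propositions $R^k_{i,j}$ and $S^k_{i,j}$, for $1 \le j \le m^k_i$, such that $\vdash T \parallel R^0_{i,j}$ and
$\vdash U \parallel S^0_{i,j}$ and $\vdash V \parallel R^1_{i,j}$ and $\vdash W \parallel S^1_{i,j}$ and the following derivation holds:

$$Q^k_i \longrightarrow \mathcal{T}^k_i\{\,R^k_{i,1} ; S^k_{i,1}, R^k_{i,2} ; S^k_{i,2}, \ldots, R^k_{i,m^k_i} ; S^k_{i,m^k_i}\,\}$$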
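Hence we can construct the following proof.

$$\begin{aligned}
&((T \otimes V) ; (U \otimes W)) \parallel P \\
&\longrightarrow ((T \otimes V) ; (U \otimes W)) \parallel \mathcal{T}\{\,Q^0_1 \parallel Q^1_1, Q^0_2 \parallel Q^1_2, \ldots, Q^0_n \parallel Q^1_n\,\} \\
&\longrightarrow ((T \otimes V) ; (U \otimes W)) \parallel \mathcal{T}\{\,\mathcal{T}^0_i\{\,R^0_{i,j} ; S^0_{i,j} : 1 \le j \le m^0_i\,\} \parallel \mathcal{T}^1_i\{\,R^1_{i,k} ; S^1_{i,k} : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow ((T \otimes V) ; (U \otimes W)) \parallel \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,R^0_{i,j} ; S^0_{i,j} : 1 \le j \le m^0_i\,\} \parallel (R^1_{i,k} ; S^1_{i,k}) : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow ((T \otimes V) ; (U \otimes W)) \parallel \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,(R^0_{i,j} ; S^0_{i,j}) \parallel (R^1_{i,k} ; S^1_{i,k}) : 1 \le j \le m^0_i\,\} : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow ((T \otimes V) ; (U \otimes W)) \parallel \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,(R^0_{i,j} \parallel R^1_{i,k}) ; (S^0_{i,j} \parallel S^1_{i,k}) : 1 \le j \le m^0_i\,\} : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,((T \otimes V) ; (U \otimes W)) \parallel ((R^0_{i,j} \parallel R^1_{i,k}) ; (S^0_{i,j} \parallel S^1_{i,k})) : 1 \le j \le m^0_i\,\} : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,((T \otimes V) \parallel R^0_{i,j} \parallel R^1_{i,k}) ; ((U \otimes W) \parallel S^0_{i,j} \parallel S^1_{i,k}) : 1 \le j \le m^0_i\,\} : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,((T \parallel R^0_{i,j}) \otimes (V \parallel R^1_{i,k})) ; ((U \parallel S^0_{i,j}) \otimes (W \parallel S^1_{i,k})) : 1 \le j \le m^0_i\,\} : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,\mathrm{I} : 1 \le j \le m^0_i\,\} : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathrm{I}
\end{aligned}$$

Hence $\vdash ((T \otimes V) ; (U \otimes W)) \parallel P$ holds. Therefore, by Lemma 15, for
any context $\vdash \mathcal{C}\{\,(T ; U) \otimes (V ; W)\,\}$ yields $\vdash \mathcal{C}\{\,(T \otimes V) ; (U \otimes W)\,\}$, as
required.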


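Lemma 19 (Atomic Co-Interact Elimination) If $\vdash \mathcal{C}\{\,a \otimes \overline{b}\,\}$, where
$\vdash a \le b$, then $\vdash \mathcal{C}\{\,\mathrm{I}\,\}$.


Proof: Assume for atoms $a$ and $b$, where $\vdash a \le b$, $\vdash (a \otimes \overline{b}) \parallel T$.
By Lemma 12, there exist $n$-ary killing context $\mathcal{T}\{\ \}$ and formulae $U_i$
and $V_i$ such that $\vdash a \parallel U_i$ and $\vdash \overline{b} \parallel V_i$, for $1 \le i \le n$, such that
$T \longrightarrow \mathcal{T}\{\,U_1 \parallel V_1, U_2 \parallel V_2, \ldots\,\}$. By Lemma 14, for every $i$, there exist $m^0_i$-ary
killing contexts $\mathcal{T}^0_i\{\ \}$ and atoms $c^i_j$ such that $\vdash c^i_j \le a$ for $1 \le j \le m^0_i$
such that $U_i \longrightarrow \mathcal{T}^0_i\{\,\overline{c^i_j} : 1 \le j \le m^0_i\,\}$. By Lemma 14, for every $i$, there
exist $m^1_i$-ary killing contexts $\mathcal{T}^1_i\{\ \}$ and atoms $d^i_k$ such that $\vdash b \le d^i_k$ for
$1 \le k \le m^1_i$ such that $V_i \longrightarrow \mathcal{T}^1_i\{\,d^i_k : 1 \le k \le m^1_i\,\}$. Also, since $\vdash c^i_j \le a$ and
$\vdash a \le b$ and $\vdash b \le d^i_k$, by the transitivity of $\le$ for atoms, $\vdash c^i_j \le d^i_k$. Thereby
the following derivation holds, by repeatedly applying the external rule.

$$\begin{aligned}
T &\longrightarrow \mathcal{T}\{\,U_1 \parallel V_1, U_2 \parallel V_2, \ldots\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^0_i\{\,\overline{c^i_j} : 1 \le j \le m^0_i\,\} \parallel \mathcal{T}^1_i\{\,d^i_k : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,\overline{c^i_j} : 1 \le j \le m^0_i\,\} \parallel d^i_k : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,\overline{c^i_j} \parallel d^i_k : 1 \le j \le m^0_i\,\} : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \\
&\longrightarrow \mathcal{T}\{\,\mathcal{T}^1_i\{\,\mathcal{T}^0_i\{\,\mathrm{I} : 1 \le j \le m^0_i\,\} : 1 \le k \le m^1_i\,\} : 1 \le i \le n\,\} \longrightarrow \mathrm{I}
\end{aligned}$$

Hence $\vdash T$ holds. Therefore, by Lemma 15, for any context $\mathcal{C}\{\ \}$, if
$\vdash \mathcal{C}\{\,a \otimes \overline{b}\,\}$ holds, then $\vdash \mathcal{C}\{\,\mathrm{I}\,\}$ holds, as required.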


Proof of Theorem 3. Theorem 3 follows from the above co-rule elimina-
tion results, by induction on the size of the proposition eliminated. Thereby
we establish the consistency of the system MAV. The conclusion of the proof
of Theorem 3 is provided below.
Proof: The proof follows by inductively applying co-rule elimination on
the structure of a proposition $T$ appearing in a provable proposition of the
form $\vdash \mathcal{C}\{\,T \otimes \overline{T}\,\}$.

The base case for any atom $a$ follows since subsorting over atoms is
reflexive, hence if $\vdash \mathcal{C}\{\,\overline{a} \otimes a\,\}$ then $\vdash \mathcal{C}\{\,\mathrm{I}\,\}$ by Lemma 19. The base case
for the unit is immediate.

As the induction hypothesis in the following cases assume that, for any
contexts, $\vdash \mathcal{C}\{\,T \otimes \overline{T}\,\}$ yields $\vdash \mathcal{C}\{\,\mathrm{I}\,\}$ and $\vdash \mathcal{D}\{\,U \otimes \overline{U}\,\}$ yields $\vdash \mathcal{D}\{\,\mathrm{I}\,\}$.

Consider when the root connective in the formula is the times oper-
ator. Assume that $\vdash \mathcal{C}\{\,T \otimes U \otimes (\overline{T} \parallel \overline{U})\,\}$ holds. By the switch rule,
$\vdash \mathcal{C}\{\,(T \otimes \overline{T}) \parallel (U \otimes \overline{U})\,\}$ holds. Hence, by the induction hypothesis twice,
$\vdash \mathcal{C}\{\,\mathrm{I}\,\}$ holds. The case for when parallel composition is the root connective
is symmetric to the case for times.

Consider when the root connective in the formula is the parallel composition
operator. Assume that $\vdash \mathcal{C}\{\,(T ; U) \otimes (\overline{T} ; \overline{U})\,\}$ holds. By Lemma 18,
$\vdash \mathcal{C}\{\,(T \otimes \overline{T}) ; (U \otimes \overline{U})\,\}$ holds. Hence, by the induction hypothesis twice,
$\vdash \mathcal{C}\{\,\mathrm{I}\,\}$ holds.

Consider when the root connective in the formula is the $\&$ opera-
tor. Assume that $\vdash \mathcal{C}\{\,(T \mathbin{\&} U) \otimes (\overline{T} \oplus \overline{U})\,\}$ holds. By Lemma 17, it
holds that $\vdash \mathcal{C}\{\,((T \mathbin{\&} U) \otimes \overline{T}) \oplus ((T \mathbin{\&} U) \otimes \overline{U})\,\}$. By Lemma 2 twice,
$\vdash \mathcal{C}\{\,(T \otimes \overline{T}) \oplus (U \otimes \overline{U})\,\}$ holds. Hence by the induction hypothesis twice,
$\vdash \mathcal{C}\{\,\mathrm{I} \oplus \mathrm{I}\,\}$ holds. Hence by Lemma 16, $\vdash \mathcal{C}\{\,\mathrm{I}\,\}$ holds, as required. The case
for when internal choice, $\oplus$, is the root connective is symmetric to the case
for external choice.

This completes the case analysis. Therefore, by induction on the size of
the proposition $T$, if $\vdash \mathcal{C}\{\,T \otimes \overline{T}\,\}$ holds, then $\vdash \mathcal{C}\{\,\mathrm{I}\,\}$ holds.

The above proof follows a similar pattern to Proposition 3, except that 
a co-rule elimination lemma is applied at each step. The above theorem is 
constructive, hence a cut elimination algorithm can be extracted from this 
proof that could be machine checked. 


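A symmetric term rewriting system. Note that no elimination result
for the co-medial rules was required to establish cut elimination (Theorem 3).
The co-medial rule can be eliminated directly using Corollary 1.

Lemma 20 If $\vdash \mathcal{C}\{\,(T ; U) \oplus (V ; W)\,\}$ then $\vdash \mathcal{C}\{\,(T \oplus V) ; (U \oplus W)\,\}$.

Proof: Assume that $\vdash \mathcal{C}\{\,(T ; U) \oplus (V ; W)\,\}$. The following proof holds
in MAV.

$$\begin{aligned}
&(T ; U) \oplus (V ; W) \multimap (T \oplus V) ; (U \oplus W) \\
&\longrightarrow \big((\overline{T} ; \overline{U}) \parallel ((T \oplus V) ; (U \oplus W))\big) \mathbin{\&} \big((\overline{V} ; \overline{W}) \parallel ((T \oplus V) ; (U \oplus W))\big) \\
&\longrightarrow \big((\overline{T} ; \overline{U}) \parallel (T ; U)\big) \mathbin{\&} \big((\overline{V} ; \overline{W}) \parallel (V ; W)\big) \\
&\longrightarrow \mathrm{I} \mathbin{\&} \mathrm{I} \longrightarrow \mathrm{I}
\end{aligned}$$

Hence, by context closure in Corollary 1, the following is provable.

$$\vdash \mathcal{C}\{\,(T ; U) \oplus (V ; W)\,\} \multimap \mathcal{C}\{\,(T \oplus V) ; (U \oplus W)\,\}$$

Furthermore, by transitivity in Corollary 1, a proof of the following can be
constructed in MAV, as required: $\vdash \mathcal{C}\{\,(T \oplus V) ; (U \oplus W)\,\}$.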

Co-rules are interesting in their own right, since derivations extended 
with all co-rules coincide with provable linear implications. Suppose that 
SMAV is the system MAV extended with all co-rules. The following corollary 
is an immediate consequence of Theorem 3, the proof being standard for 
related calculi with a cut elimination result. 


Corollary 2 $\vdash V \multimap U$ if and only if $U \longrightarrow V$ in SMAV.


The advantage of the former definition of linear implication, using provability, 
is that MAV is in some sense analytic [5, 7], hence the length of derivations 
is bounded. In contrast, in SMAV many co-rules can be applied infinitely. 


5 The Complexity of MAV 


We explore some immediate consequences of cut elimination. Firstly, we 
prove that MAV is a conservative extension of MALL with mix. Secondly,
this observation is used to establish the complexity class of MAV. 


5.1 A Conservative Extension with the Operator Seq. 


To establish that MAV is a conservative extension of MALL, we must establish
that, for any proposition $T$ in MALL, i.e. without the seq operator, $\vdash T$
holds in MAV if and only if $\vdash T$ holds in MALL. The proof is divided into
the following two lemmas.


Lemma 21 For any proposition $T$ in MALL, if $\vdash T$ holds in MALL, then
$\vdash T$ holds in MAV.


Proof: The proof is by induction on the depth of the proof tree in
MALL. For sequents define the following transformation for proposition $T$
and sequents $\Gamma$ and $\Delta$.

$$[T] = T \qquad [\Gamma, \Delta] = [\Gamma] \parallel [\Delta]$$


Consider the base cases. $\vdash \overline{a}, b$ follows from the atomic interact axiom
in MALL only if $a \le b$ holds, hence $[\overline{a}, b] \longrightarrow \mathrm{I}$ by the atomic interact rule
in MAV. If $\vdash \mathrm{I}$, then trivially $\mathrm{I}$ is provable.

Consider the inductive case for times. If $\vdash \Gamma, \Delta, T \otimes U$ follows from
proofs of $\vdash \Gamma, T$ and $\vdash \Delta, U$ in MALL, then by the induction hypothesis
$[\Gamma, T]$ and $[\Delta, U]$ are provable in MAV. Hence the following proof can be
constructed in MAV.

$$[\Gamma, \Delta, T \otimes U] \longrightarrow [\Gamma, T] \otimes [\Delta, U] \longrightarrow \mathrm{I}$$

Consider the inductive case for par. If $\vdash \Gamma, T \parallel U$ follows from
$\vdash \Gamma, T, U$, then by the induction hypothesis $[\Gamma, T, U]$ is provable in MAV, and
furthermore $[\Gamma, T, U] = [\Gamma, T \parallel U]$, hence we are done.

Consider the inductive case for mix. If $\vdash \Gamma, \Delta$ follows from a proof of
$\vdash \Gamma$ and $\vdash \Delta$, then by the induction hypothesis $[\Gamma]$ and $[\Delta]$ are provable in
MAV. Hence the following proof can be constructed in MAV: $[\Gamma, \Delta] \longrightarrow \mathrm{I}$.

Consider the inductive case for with. If $\vdash \Gamma, T \mathbin{\&} U$ follows from proofs
of $\vdash \Gamma, T$ and $\vdash \Gamma, U$ in MALL, then by the induction hypothesis $[\Gamma, T]$ and
$[\Gamma, U]$ are provable. Hence the following proof can be constructed in MAV.

$$[\Gamma, T \mathbin{\&} U] \longrightarrow [\Gamma, T] \mathbin{\&} [\Gamma, U] \longrightarrow \mathrm{I} \mathbin{\&} \mathrm{I} \longrightarrow \mathrm{I}$$

Consider the inductive cases for plus. Without loss of generality consider
the left rule. If $\vdash \Gamma, T \oplus U$ follows from a proof of $\vdash \Gamma, T$, then by the
induction hypothesis $[\Gamma, T]$ is provable in MAV. Hence the following proof
can be constructed in MAV.

$$[\Gamma, T \oplus U] \longrightarrow [\Gamma, T] \longrightarrow \mathrm{I}$$

Hence, by induction on the depth of a proof tree in MALL, if $\vdash \Gamma$, then
$[\Gamma]$ is provable in MAV. Since $[T] = T$, we are done.

Notice that in a proposition that does not involve the seq operator, the seq
operator can be introduced in an intermediate state of the proof by a rule
of the following form $\mathcal{C}\{\,(T ; \mathrm{I}) \parallel (\mathrm{I} ; U)\,\} \longrightarrow \mathcal{C}\{\,(T \parallel \mathrm{I}) ; (\mathrm{I} \parallel U)\,\}$, where
$T \neq \mathrm{I}$ and $U \neq \mathrm{I}$. The proof of the following proposition checks that such
scenarios do not increase the number of propositions from MALL that are
provable in MAV.

By applying Theorem 1, we can establish the following contrapositive 
to Lemma 21. 


Lemma 22 For any proposition $T$ in MALL, i.e. without the seq operator,
if $\vdash T$ holds in MAV, then $\vdash T$ holds in MALL.


Proof: The trick is to define a function $s(T)$ over propositions, that
transforms every occurrence of seq to par, as follows, where $\odot \in \{\parallel, \otimes, \oplus, \&\}$
is any binary connective.

$$s(T ; U) = s(T) \parallel s(U) \qquad s(T \odot U) = s(T) \odot s(U)$$

$$s(\mathrm{I}) = \mathrm{I} \qquad s(a) = a \qquad s(\overline{a}) = \overline{a}$$

We now aim to establish that if $\vdash T$ holds in MAV, then $\vdash s(T)$ is also
provable in MALL. By establishing this stronger property, the lemma follows
since for propositions $P$ in MALL, $s(P) = P$ since seq never occurs in MALL.
Firstly, observe that the following equivalences hold.

• $s((T ; U) ; V) = s(T ; (U ; V))$,
• $s(\mathrm{I} ; T) = s(T)$,
• $s(T ; \mathrm{I}) = s(T)$.

Therefore if $T = U$, then $s(T) = s(U)$.
The base case is when $T = \mathrm{I}$ is a proof of length 0 in MAV. In this
case $s(T) = \mathrm{I}$, hence the following is a proof in MALL.

$$\vdash s(T)$$

Now consider proofs in MAV of length $n + 1$ of the following form.

$$W = \mathcal{C}\{\,U\,\} \longrightarrow \mathcal{C}\{\,V\,\} \longrightarrow \mathrm{I}$$

where $\mathcal{C}\{\,V\,\}$ has a proof of length $n$ and $U \longrightarrow V$ is one instance of any
rule in MAV.

For rules other than sequence and medial, observe that $s(U) \longrightarrow s(V)$
follows by applying the same rule. For example, for the switch rule the
following holds.

$$\begin{aligned}
s((P \otimes Q) \parallel R) &= (s(P) \otimes s(Q)) \parallel s(R) \\
&\longrightarrow s(P) \otimes (s(Q) \parallel s(R)) = s(P \otimes (Q \parallel R))
\end{aligned}$$

Furthermore, for all such rules, $\vdash V \multimap U$ by Lemma 1.
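Consider now the cases of the sequence rule. The following follows by
applying associativity and commutativity of par.

$$\begin{aligned}
s((P ; Q) \parallel (R ; S)) &= (s(P) \parallel s(Q)) \parallel (s(R) \parallel s(S)) \\
&= (s(P) \parallel s(R)) \parallel (s(Q) \parallel s(S)) = s((P \parallel R) ; (Q \parallel S))
\end{aligned}$$

Thereby $\vdash s((P \parallel R) ; (Q \parallel S)) \multimap s((P ; Q) \parallel (R ; S))$ holds in MALL.
Consider also the case of the medial rule. In this case, observe that the
following holds by definition.

$$\begin{aligned}
&s((P \mathbin{\&} Q) ; (R \mathbin{\&} S)) \multimap s((P ; R) \mathbin{\&} (Q ; S)) \\
&= \big((\overline{s(P)} \oplus \overline{s(Q)}) \otimes (\overline{s(R)} \oplus \overline{s(S)})\big) \parallel \big((s(P) \parallel s(R)) \mathbin{\&} (s(Q) \parallel s(S))\big)
\end{aligned}$$

Thereby $\vdash s((P \mathbin{\&} Q) ; (R \mathbin{\&} S)) \multimap s((P ; R) \mathbin{\&} (Q ; S))$ holds in MALL by
Lemma 1.

Notice that in each case we have established that $\vdash s(V) \multimap s(U)$ holds
in MALL and hence $\vdash s(\mathcal{C}\{\,V\,\}) \multimap s(\mathcal{C}\{\,U\,\})$ holds by Proposition 2. Also
observe that since $\mathcal{C}\{\,U\,\} = W$ we have that $s(\mathcal{C}\{\,U\,\}) = s(W)$ and hence
$\vdash s(\mathcal{C}\{\,U\,\}) \multimap s(W)$ holds in MALL.

Now, by the induction hypothesis, $s(\mathcal{C}\{\,V\,\})$ is provable in MALL, hence
the following proof can be constructed for $W$ using the rules of MALL and
the cut rule.

$$\dfrac{\dfrac{\vdash s(\mathcal{C}\{\,V\,\}) \qquad \vdash \overline{s(\mathcal{C}\{\,V\,\})},\ s(\mathcal{C}\{\,U\,\})}{\vdash s(\mathcal{C}\{\,U\,\})} \qquad \vdash \overline{s(\mathcal{C}\{\,U\,\})},\ s(W)}{\vdash s(W)}$$

Hence, by Theorem 1, we can construct a proof of $s(W)$ in MALL.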
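
The key step of the proof above is that the translation $s$ turns each instance of the sequence rule into an identity up to associativity and commutativity of par. The following Python code is an added example, not code from the paper: the tuple encoding, the normal-form function and all names are assumptions made here. It implements $s$ and checks the three listed equivalences and the sequence case on sample atoms.

```python
# Propositions as nested tuples (encoding constructed for this example):
#   ("unit",), ("atom", "a"), ("natom", "a"), or (op, left, right)
#   with op in {"seq", "par", "times", "plus", "with"}.
UNIT = ("unit",)
LEAVES = {"unit", "atom", "natom"}


def s(p):
    """The translation s from the proof: every seq becomes par."""
    if p[0] in LEAVES:
        return p
    op = "par" if p[0] == "seq" else p[0]
    return (op, s(p[1]), s(p[2]))


def operands(p, op):
    """Normalised operands of the maximal `op` block rooted at p, units dropped."""
    if p[0] == op:
        return [x for q in p[1:] for x in operands(q, op)]
    q = norm(p)
    if q == UNIT:
        return []
    # A child may itself normalise to an `op` block; splice it in.
    return list(q[1:]) if q[0] == op else [q]


def norm(p):
    """Normal form modulo associativity and unit for seq and par,
    and commutativity for par only (seq keeps its order)."""
    if p[0] in LEAVES:
        return p
    if p[0] not in ("seq", "par"):
        return (p[0], norm(p[1]), norm(p[2]))
    items = operands(p, p[0])
    if p[0] == "par":
        items.sort()
    if len(items) < 2:
        return items[0] if items else UNIT
    return (p[0],) + tuple(items)


def equivalent(p, q):
    """Equality of normal forms."""
    return norm(p) == norm(q)


P, Q, R, S = (("atom", x) for x in "pqrs")        # constructed sample atoms
SEQUENCE_LHS = ("par", ("seq", P, Q), ("seq", R, S))   # (P ; Q) || (R ; S)
SEQUENCE_RHS = ("seq", ("par", P, R), ("par", Q, S))   # (P || R) ; (Q || S)
```

Before translation the two sides of the sequence rule have different normal forms; after applying `s` they coincide, which is why only the sequence and medial rules need separate treatment in the proof.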


5.2 Seq Preserves the Complexity Bound. 


Proof search in MAV, like MALL, is a PSPACE-complete decision problem. 
Lemmas 21 and 22 establish that provability in MAV is PSPACE-hard. It
remains to establish that proof search in MAV is in PSPACE, as sketched in 
the following proposition. 


Proposition 4 Proof search in MAV is in PSPACE. 


Proof: The trick is to observe that branches of the proof separated by the
with operators can be evaluated separately, in the sense that we can fix one
branch of each with operator and never apply any rule inside the context of
that branch. The following measure verifies that such derivations that forbid
deductions in the context of one branch of a with operator are polynomial
in length. For any proof, for a formula of MAV that does not involve the $\&$
operator, define the measure $p(T)$ to be the sum of the following:


• the number of occurrences of the $\oplus$ operator in $T$.


• the cardinality of the multiset relation 7, defined such that for two
occurrences of atoms a and b in T, a % 6 if and only if there is no 
C{ }, U and V, such that a occurs in U and 6 occurs in V such that 
TH=C, 0 Vt. 


• double the cardinality of the multiset relation $\sim$, defined such that for
any two occurrences of atoms $a$ and $b$ in $T$, $a \sim b$ if and only if there is
$\mathcal{C}\{\ \}$, $U$ and $V$, such that $a$ occurs in $U$ and $b$ occurs in $V$ such that
$T = \mathcal{C}\{\,U \parallel V\,\}$.


Every rule that is not applied inside a forbidden branch of a with operator
strictly decreases the above measure. Hence a proof of any proposition $T$
of size $n$ that does not involve the $\&$ operator is of length no greater than
$p(T)$, where $p(T) = O(n^2)$.

Now suppose that $\vdash T$ is any proof in MAV. There are at most $2^n$
independent branches in $T$ to check where $n$ is the number of $\&$ operators
that occur in the formula, obtained by hiding one branch of each with
operator. Each of these independent branches can be investigated in parallel
in a universal fashion by an alternating Turing machine [8]. An accepting
state is reached when a proposition is equivalent to the unit. Since the
alternating Turing machine finishes in polynomial time, and AP=PSPACE,
we are done.

Note the parallelism induced by independent branches could be illu- 
minated further by the proposed formalisms that are more explicit about 
concurrent proof search in deep inference, such as formalism B [47]. It 
may also be interesting to revisit the above problem in the context of the 
interactive proof class IP [42, 34]. 

The following is the main complexity result of this paper. 


Theorem 4 Proof search in MAV is PSPACE-complete.


Proof: By Lemma 21 and Lemma 22, the identity embedding of a propo- 
sition of MALL in MAV, reduces the problem of provability of a proposition 
in MALL to provability of the same proposition in MAV. Since by Theo- 
rem 2, provability in MALL is PSPACE-complete, provability in MALL is 
PSPACE-hard. Since, by Lemma 4, provability in MALL is in PSPACE, the 
problem is PSPACE-complete. 

The suitability of this complexity bound depends on the application, 
e.g. to verifying protocols or to querying provenance, as discussed in the 
introduction. Reductions to established PSPACE-complete problems, such 
as certain decision problems for QBF and relational algebra, suggest a path
for the implementation of tools based on MAV. 


6 Conclusion and Future Work 


This article is a companion paper for a conference paper [11] that observes 
connections between operators that appear in the proof calculi BV and MALL 
and operators that appear in session types. These observations lead to the 
system MAV investigated in this work. Further to the rules directly from 
BV and MAV, a rule relating seq from BV and with from MALL called the 
medial rule is required. This paper establishes proof theoretic results that 
are of primary importance when introducing a new proof calculus. 

The main result is the generalised cut elimination result in Theorem 3. 
By using cut elimination, many results can be established including the 
transitivity of an internal notion of linear implication (Corollary 1), the 
completeness of the symmetric extension of MAV (Corollary 2), and several 
results concerning session types that appear in the companion paper [11]. 
This main result follows from a technique developed in the calculus of 
structures called splitting. Novel features include the handling of subsorting 
for atoms, and the direct splitting of proofs into independent branches to 
control the size of the proof search (Lemma 2). The most challenging case is 
the principal case for seq in Lemma 12. This particular case is challenging 
due to interactions between seq and with, which do not co-exist in any other 
published proof calculus, although the problem was acknowledged several 
years previously [45]. A termination measure defined over multisets of 
multisets of natural numbers is introduced. The preservation of the measure 
by the problematic case involves the substantial case analysis in Lemma 10. 

The secondary result, in Theorem 4, establishes that proof search in MAV 
is PSPACE-complete. This result is included for a more complete picture, 
and to suggest an implementation path for a tool that decides provability 
by using a reduction to an established PSPACE-complete problem. 

In the literature, Ruet [41] presents a cut elimination result for a logical 
system in which the additives and both commutative and non-commutative 
multiplicatives co-exist, called NL. A distinction between NL and MAV is 
that NL has a pair of De Morgan dual non-commutative operators and two 
multiplicative units; whereas MAV has a single self-dual non-commutative op- 
erator and a single self-dual multiplicative unit. A stronger difference is that 
the non-commutative operators in NL are subject to “seesaw” and “entropy” 
rules that together make these operators cyclic in the sense that propositions
can be ordered but the last proposition in a structure is effectively ordered 
directly before the first, forming a cycle. Such a cyclic non-commutative 
logic has been proposed as an approach to quantum logic [52]. However, the 
cyclic non-commutative operators of NL do not meet the requirements of 
explicitly ordering events in a finite session of a protocol, as explained in 
the companion paper that motivates MAV [11]. 

The reason for such a thorough proof theoretic treatment of MAV is that 
we propose MAV for a range of applications in computer science. Applications 
include the verification of protocols using session types, as proposed in the 
companion paper [11], and query languages for partially ordered structures 
such as provenance diagrams [10, 31]. To be able to use MAV in confidence,
the fact that it is a consistent logical system in a well understood complexity
class increases confidence that MAV is a “good” model to use in some
objective sense.

The consistency of the system suggests that MAV is a solid starting point 
for future investigations into more expressive proof calculi. We know that 
the induction measure for splitting presented is not sufficient to handle the 
additive units, for which the induction measure would need to be revisited. 
However, we know that the techniques presented here adapt to an extension 
of MAV with first-order quantifiers. MAV is a finite calculus in which only 
finite structures can be presented. In future work, we aim to investigate 
extensions for second-order quantifiers [48] and infinite structures [3] that 
are likely to be undecidable [46, 32]. 